Signal Alertcritical riskhigh confidencemoderator reviewed

Prompt Injection Risk Is High If Users Control Any Input That Reaches Your LLM

If users can type anything that eventually reaches your LLM, they can attempt to override your system prompt, extract your data, or redirect your AI’s behavior.

By Contributor · published 5/30/2026

In plain English

Protect your app by assuming any text a user types could be used to trick your AI into leaking data or ignoring your rules. Always separate your core instructions from user-provided content to keep your business information and logic secure.

Prompt injection is ranked #1 on the [OWASP Top 10 for LLM Applications 2025](https://genai.owasp.org/llmrisk/llm01-prompt-injection/). A prompt injection attack occurs when user-supplied input contains instructions that override or manipulate the LLM’s behavior — bypassing your system prompt, leaking internal data, or causing the model to perform unintended actions. This is not a theoretical attack. If your app: - Summarizes user-uploaded documents - Answers questions about user-provided data - Processes emails, support tickets, or form submissions with an LLM …it has a prompt injection surface. ## Why it matters A successfully injected prompt can expose your system prompt, your business logic, or your users’ data. As AI systems are increasingly granted access to tools, databases, and external services, the impact surface grows. ## Suggested next action For any feature where user input reaches an LLM, add structural delimiters separating the system prompt from user content. Test by attempting your own injection attack.

Discussion

0 comments

Loading comments…

Sign in to join the discussion.

Want the technical version? Switch the detail level at the top of the page toBuilder orTechnical.