Infosec glossary

Prompt Injection

Prompt injection became a core AI security term because language-based systems can be manipulated in ways that look different from traditional input handling problems. The term is useful when it clearly describes instruction override, context manipulation, and unintended model behavior.

Threat language 6 min read By Infosec Writing Studio editorial team
01

Why prompt injection matters

Language models process instructions and data through the same general medium: text or semantically interpretable input. That creates a unique problem where hostile or misleading input can compete with or override intended instructions.

This is why prompt injection matters in AI security. The issue is not only model output quality. It is the security risk created when the system treats malicious input as valid instruction context.

02

How the attack is usually described

Prompt injection is usually described through direct or indirect instruction manipulation. In a direct case, the adversary inserts instructions openly. In an indirect case, the malicious input is embedded in content the system later processes, such as documents, web pages, or workflow inputs.

That distinction helps the term stay precise, especially in agent and retrieval-connected systems where the model is consuming outside content as part of the task.

  • Direct instruction override
  • Indirect prompt manipulation through content
  • Unintended data or behavior exposure
  • Risk in agents, assistants, and retrieval workflows
03

How to explain prompt injection clearly

The cleanest explanation of prompt injection names the instruction problem first. The attack is about getting the system to follow the wrong semantic path, not just about “asking a bad question.”

That also helps separate prompt injection from broader AI risk categories such as model misuse, governance gaps, or unsafe output quality.