Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Indirect prompt injection hides malicious instructions in external content an LLM ingests, hijacking its behavior through poisoned web pages, docs, or emails.
Indirect Prompt Injection Definition: Indirect prompt injection hides malicious instructions in external content an LLM ingests, hijacking its behavior through poisoned web pages, docs, or emails.
Indirect prompt injection is an attack against large language model applications in which malicious instructions are hidden inside external content the model later ingests, such as a web page, document, email, or API response. When the LLM processes this poisoned data, it treats the embedded text as trusted instructions, potentially leaking data, calling tools, or producing attacker-controlled output. Unlike direct prompt injection typed by a user, the payload arrives through a third-party data source, making it a top concern in the OWASP Top 10 for LLM applications.
Indirect Prompt Injection is one of the topics you'll master in the AIGP Boot Camp.
AIGP Boot Camp →