Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Indirect Prompt Injection

Training Camp • Cybersecurity Glossary

What is Indirect Prompt Injection?

Indirect prompt injection hides malicious instructions in external content an LLM ingests, hijacking its behavior through poisoned web pages, docs, or emails.

Glossary > AI Security & Data Privacy > Indirect Prompt Injection

Understanding Indirect Prompt Injection

Indirect prompt injection is an attack against large language model applications in which malicious instructions are hidden inside external content the model later ingests, such as a web page, document, email, or API response. When the LLM processes this poisoned data, it treats the embedded text as trusted instructions, potentially leaking data, calling tools, or producing attacker-controlled output. Unlike direct prompt injection typed by a user, the payload arrives through a third-party data source, making it a top concern in the OWASP Top 10 for LLM applications.

Learn More About Indirect Prompt Injection:

Ready to Get Certified?

Indirect Prompt Injection is one of the topics you'll master in the AIGP Boot Camp.

AIGP Boot Camp →