Prompt Injection (c95f6f8d-b1dd-55d7-b77a-100c9e131313)

AI models, particularly large language models (LLMs), are susceptible to prompt injection attacks, where adversaries craft inputs designed to override model constraints, extract sensitive data, or manipulate system behavior.

  • Meta Prompt Extraction: Attackers can manipulate prompts to reveal system instructions, policies, or proprietary data.
  • Indirect Injection Attacks: If an AI model ingests untrusted external content, such as the contents or names of uploaded files, text from emails, chat inputs, or web pages, attackers can embed hidden prompts or malicious instructions within these elements. These indirect inputs can exploit the model's processing logic to alter its behavior, produce misleading responses, or trigger unauthorized actions, even without direct access to the model's interface.
  • System Command Override: Specially crafted prompts could trick AI models into executing unintended actions or disclosing confidential information.

Threat-modeling question: Could the AI system be vulnerable to prompt injection attacks, leading to unauthorized access or manipulation?

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Prompt Injection (c95f6f8d-b1dd-55d7-b77a-100c9e131313) | PLOT4ai | Direct Prompt Injection via User Input - ATR-2026-00001 (7859f830-8dd6-55ee-a3c4-d942825b4294) | Agent Threat Rules | 1 |
| Prompt Injection (c95f6f8d-b1dd-55d7-b77a-100c9e131313) | PLOT4ai | Indirect Prompt Injection via External Content - ATR-2026-00002 (25be13cc-b593-5a70-bc2a-806b1b2cd544) | Agent Threat Rules | 1 |
| Prompt Injection (c95f6f8d-b1dd-55d7-b77a-100c9e131313) | PLOT4ai | LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) | MITRE ATLAS Attack Pattern | 1 |
| Direct (d911e8cb-0601-42f1-90de-7ce0b21cd578) | MITRE ATLAS Attack Pattern | Direct Prompt Injection via User Input - ATR-2026-00001 (7859f830-8dd6-55ee-a3c4-d942825b4294) | Agent Threat Rules | 2 |
| Direct Prompt Injection via User Input - ATR-2026-00001 (7859f830-8dd6-55ee-a3c4-d942825b4294) | Agent Threat Rules | LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) | MITRE ATLAS Attack Pattern | 2 |
| Indirect (a4a55526-2f1f-403b-9691-609e46381e17) | MITRE ATLAS Attack Pattern | Indirect Prompt Injection via External Content - ATR-2026-00002 (25be13cc-b593-5a70-bc2a-806b1b2cd544) | Agent Threat Rules | 2 |
| Indirect Prompt Injection via External Content - ATR-2026-00002 (25be13cc-b593-5a70-bc2a-806b1b2cd544) | Agent Threat Rules | LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) | MITRE ATLAS Attack Pattern | 2 |
| Direct (d911e8cb-0601-42f1-90de-7ce0b21cd578) | MITRE ATLAS Attack Pattern | LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) | MITRE ATLAS Attack Pattern | 3 |
| Indirect (a4a55526-2f1f-403b-9691-609e46381e17) | MITRE ATLAS Attack Pattern | LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) | MITRE ATLAS Attack Pattern | 3 |