What is a Prompt Injection Attack: What CISOs Need to Know
ID: 6b0707f1-fb71-5f2d-9aa5-db93c8d82ca8
STIX ID: report--6b0707f1-fb71-5f2d-9aa5-db93c8d82ca8
Feed Name: SecurityScorecard Blog
This report outlines prompt injection as a critical AI security threat: attackers can craft inputs (or poison external content or training data) that cause LLM-based systems to ignore developer instructions and leak data, perform unauthorized actions, or corrupt model behavior. It describes attack types (direct, indirect, stored, multimodal), real-world research examples, enabling vulnerabilities (lack of sanitization, weak access controls, exposed API tokens, blurred system/user boundaries), and layered defenses including input/output filtering, RBAC, secure development, penetration testing, and continuous monitoring.
