Why it matters
JSON is common in LLM apps. Understanding injection prevents subtle exploits.
Advertisement
The architecture
Field injection: attacker includes extra fields designed to be interpreted as instructions.
Escape breakout: bad escaping lets attacker end string, add new field, reopen.
Advertisement
How it works end to end
Nested content: legitimate JSON with malicious string values that LLM interprets as instructions.
Defenses: validate schema strictly. Escape values before including in prompts. Treat string values as untrusted user input.