Why it matters

Prompt injection is LLM's #1 threat. Understanding shapes defense.

Advertisement

The architecture

Direct: user-controlled prompt.

Indirect: content from data.

Multi-turn: gradual manipulation.

Prompt injection categoriesDirectuser inputIndirectvia dataMulti-turngradualOWASP LLM01; defenses layered but not perfect
Prompt injection.
Advertisement

How it works end to end

Simon Willison + academic surveys.

Payload delivered via user input or retrieved content.

Defenses: isolation, guardrails, monitoring.