Why it matters
Prompt injection is LLM's #1 threat. Understanding shapes defense.
Advertisement
The architecture
Direct: user-controlled prompt.
Indirect: content from data.
Multi-turn: gradual manipulation.
Advertisement
How it works end to end
Simon Willison + academic surveys.
Payload delivered via user input or retrieved content.
Defenses: isolation, guardrails, monitoring.