Prompt Injection: The New Cyber-Attack Vector

Kristina Avrionova Fortanix
Kristina Avrionova
Published:Jul 10, 2024
Reading Time:3mins

In the rapidly evolving landscape of GenAI, a new challenge has emerged that demands immediate attention—prompt engineering. While generative AI tools have become invaluable aids for businesses and individuals, they have also opened the door to a novel form of cyber-attacks.

The threat of prompt injection in AI models has become a clear and present danger, leading to costly and embarrassing data breaches and unwanted model manipulation.

What is Prompt Injection Attack?

Before we answer the question, we first must understand what prompt engineering is. Prompt engineering is how we communicate with the  large language model (LLM). It involves how we craft the queries, or prompts, to get a desired response from the GenAI technology. The technique is also used to improve AI-generated content.

However, in the wrong hands, prompt engineering can manipulate AI systems into performing unintended actions or generating harmful outputs. When bad actors use carefully crafted prompts to make the model ignore previous instructions or perform unintended actions, it results in what we call prompt injection attacks.

Associated Risks in Prompt Injection Attack

The primary risk associated with prompt injection attack is the unintended behavior of AI models. Given that AI models are trained on vast datasets and are designed to predict the most likely subsequent text, carefully crafted prompts can coerce the models into revealing more than they should.

Few of the biggest concerns are:

  • Data leaks: Generative AI models access extensive databases of text, some of which may contain confidential or proprietary information. By cleverly manipulating prompts, bad actors can trick AI systems into divulging this sensitive data.
  • Introduction or amplification of biases: This is particularly concerning in applications where fairness and objectivity are critical, such as hiring processes or judicial decisions. By exploiting these biases, malicious actors can undermine the integrity of AI-driven systems.
  • Injection of malicious code: Cybercriminals can use prompt engineering to inject malicious code or commands into AI-generated content. If bad actors then ask the model a question, this malicious code could execute the intended attack.

How to Protect Your Organization from Prompt Injection Attacks

One of the most effective ways to safeguard against prompt engineering attacks is to implement robust input filtering that prevents tampering with the model. This involves scrutinizing and sanitizing user inputs to ensure they do not contain potentially harmful prompts.

In addition, business should educate employees on what data they should and should not use when writing prompts into Gen AI. Sensitive data should not be fed into a model because it becomes a reference point and deleting is almost impossible.

Therefore, PII and critical data should always be encrypted and accessed granted only through granular permission controls. Organizations should also look into a comprehensive range of frameworks, policies, and best practices to establish AI governance.

It needs to serve as guardrails for the development and use of AI technologies and ensure alignment between stakeholders from all corners of an organization.

Lastly, continuous monitoring through advanced analytics and anomaly detection mechanisms, along with regular security audits can help identify vulnerabilities within AI systems.

Teams should carry out frequent and rigorous testing of the models with various prompts to determine model’s susceptibility to manipulation. Identified weaknesses can then be addressed through model retraining or other mitigation strategies.


Prompt engineering represents a new frontier in cybersecurity threats. As generative AI continues to grow in importance, so does the need to protect these systems and the data from exploitation.

By understanding the risks and implementing robust security measures, organizations can safeguard their AI assets from this emerging threat.

Share this post: