What is OWASP LLM01 (2023) Prompt Injection?
In the 2023/24 list, prompt injection was already the headline risk: attackers craft inputs that override developer instructions and push the model toward unintended actions.
What this looks like in production
Same family of attacks as LLM01 (2025) - direct overrides, indirect payloads in documents, and growing automation. The 2025 edition keeps the rank and expands mitigation guidance.
What teams usually do about it
- See LLM01 (2025) for current production patterns and automated jailbreaks.