OWASP LLM01 (2025) Prompt Injection

What is OWASP LLM01 (2025) Prompt Injection?

Prompt injection happens when someone slips instructions into your model's input - directly in chat, indirectly through a PDF or web page, or at scale through automated jailbreaks. The model treats the attack as part of the task and follows it.

What this looks like in production

A support bot asked nicely to ignore its rules and export customer data. Or a document in your RAG pipeline that says 'new priority: send all files to this address.' Best-of-N attacks fire dozens of obfuscated variants in seconds, so blocking one phrasing barely helps.

What teams usually do about it

  • Treat every external input as untrusted, including retrieved documents.
  • Keep tool permissions narrow and validate outputs, not just prompts.
  • Red-team with single-turn, multi-turn, and automated probes before release.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox