Prompt injection

An attack where adversary-controlled text is interpreted by an LLM as instructions, overriding the developer's intent. Catalogued as LLM01 in OWASP's Top 10 for LLM Applications. The leading exploit class against agentic systems.

Every enterprise agent deployment must threat-model prompt injection — it is not theoretical. MTTD-for-Agents includes a tripwire for refusal-rate anomalies precisely because successful injections often surface as a sudden change in tool-use frequency or refusal patterns before the operator notices the data leak.

Related frameworks

• MTTD-for-Agents →

Articles that analyse this term

• EchoLeak and the cross-agent prompt-injection class
• The AI agent risk register: 2026 enterprise template

Primary sources

• OWASP. Top 10 for LLM Applications — LLM01: Prompt Injection