← Back to the A-Z glossary
AI glossary · P1

Prompt injection

A prompt injection tries to hijack the instructions of a model or an agent.

Risk 4 min read Updated 2026-05-22
— Definition

Prompt injection, in plain words

A prompt injection tries to hijack the instructions of a model or an agent.

Explain why the danger often comes from the content the agent reads.

A concrete example

A web page contains a hidden instruction telling the agent to ignore its rules and send off data.

Why it matters

The moment an agent reads emails, pages, or files, it can be exposed to hostile instructions.

You'll see it in agents that read outside content, public chatbots, and tools connected to the web.

Don't mix it up with

Indirect prompt injection: An indirect prompt injection hides malicious instructions inside content that the agent reads.

Guardrail: A guardrail is a safety rule that limits what an AI or an agent is allowed to do.

Common mistakes

  • Thinking one line in the system prompt is enough.
  • Trusting all outside content.
  • Letting an agent act without validation or limited permissions.

Quick checklist

  • First I check whether the word names a concept, a tool, a risk, or a metric.
  • I tie it to a concrete case: A web page contains a hidden instruction telling the agent to ignore its rules and send off data.
  • I keep the main trap in mind: Thinking one line in the system prompt is enough.

Quick questions

What is Prompt injection in AI?

A prompt injection tries to hijack the instructions of a model or an agent.

Where will I run into Prompt injection?

You'll see it in agents that read outside content, public chatbots, and tools connected to the web.

Which word should I read next?

Start with Indirect prompt injection, Guardrail, Human-in-the-loop.

Want to keep going in order?

Head back to the full glossary, search a word, then open only the pages that deserve more than a short definition.

Open the AI glossary