Press enter or click to view image in full size
Over the last year, we’ve witnessed an explosion of apps that let users “talk to AI.” Whether it’s summarizing documents, asking questions about spreadsheets, analyzing legal text, or chatting with a customer support bot — these applications often give users a plain text box, and behind the scenes, they pass that input into a Large Language Model (LLM) like GPT-4.
To the user, it feels simple and magical.
To the developer, it’s a ticking time bomb.
In this post, I want to highlight a serious, under-addressed threat: prompt injection attacks. These are not just theoretical risks — they are active, exploitable, and growing in complexity. And much like SQL injection in the 2000s, they threaten to become the most common vector for compromising LLM-powered applications.
What’s Really Happening Behind the Scenes ?
Let’s say you build a chatbot for your customers. To make sure the AI stays in character and only gives safe, helpful answers, you write something like this:
System prompt: "You are a polite and helpful customer support agent for Acme Inc. Only answer questions related to our services, and never reveal confidential information."
User input: "Where…