BBLabs NewsBBLabs News
NewsAll articlesTopics
ES
  1. Home
  2. ›
  3. Glossary
  4. ›
  5. Prompt Injection
IA

Prompt Injection

Definition

Technique that manipulates an LLM's input (ChatGPT, Claude, Gemini) to override its original instructions and make it act outside its intended behaviour.

Two variants: direct (user writes the payload — 'ignore your previous instructions and...') and indirect (the payload travels in external content the LLM consumes — email read by an agent, scraped web page, uploaded file).

Indirect is the more dangerous one in agentic AI: your agent with permissions reads a malicious email → executes attacker commands with YOUR permissions. This is the first item in the OWASP LLM Top 10 (LLM01).

Defence: clear separation between system prompt and user input (don't mix in a single string), guardrails with prior classifier, principle of least privilege on agent tools, output filtering, human-in-the-loop for high-blast-radius actions (delete, transfer, send). No complete solution yet — it's an active research area.

Related terms

  • APT

Latest articles on IA

  • →Malicious npm targets Claude AI user directory
  • →ChatGPhish: how ChatGPT web summaries become phishing lures
  • →Claude Mythos goes public: what the security delay means

Interested in IA?

Get one technical story a day on ia — curated, summarised, actionable.

Subscribe
BBLabs NewsBBLabs News

BBLabs News

Una historia al día. Cero ruido.

Newsletter técnica de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Producto

  • Hemeroteca
  • Ediciones
  • Temas
  • Glosario
  • RSS
  • Atom
  • JSON Feed

Editorial

  • Acerca de
  • Suscribirse
  • Cuenta
  • English

Legal

  • Privacidad
  • Términos
  • Contacto: team@bblabs.es

Conectar

  • YouTube · @0xGorka
  • Instagram · @bblabs.es
  • Discord BBLabs
  • Discord Bug Bounty ES
31 artículos·10 ediciones·Desde 2026·Hecho en España
© 2026 BBLabs News·Por Gorka El Bochi