Prompt injection

A security attack where an attacker hides instructions inside data the model reads.

In one sentence

Prompt injection is a class of security attack where an attacker hides instructions inside content the model retrieves or receives — a document, an email, a webpage — to make the model deviate from the intended task.

When it matters

For any RAG system that ingests user-supplied content (customer-uploaded PDFs, web-scraped pages, third-party APIs).

A real-world example

helpcode KB sanitises ingested documents and isolates tool-use authorities, so that a poisoned PDF cannot trigger destructive actions.

Curated by helpcode security team · Last reviewed 2026-05-22