Attacks that smuggle instructions or data into a model’s input so it overrides developer or system intent—distinct from ordinary “bad prompts” and relevant whenever untrusted text reaches the model.
Prompt injection exploits the model’s tendency to follow the latest persuasive instructions. Untrusted web pages, tickets, emails, or documents inside a prompt can try to exfiltrate secrets, misuse tools, or bypass policies.
Jailbreaks
Jailbreaks are closely related: user-authored attempts to weaken refusals or policies. Mitigations combine architecture (separate trusted system text from untrusted content), allowlists, output filtering, monitoring, and red teaming—not a single regex.
See also
AI guardrails and RAG hygiene (what you retrieve is also attacker-controlled).
