Best of 2025: Indirect Prompt Injection Attacks Target Common LLM Data Sources
Security Boulevard, Monday, December 29th, 2025
While the shortest distance between two points is a straight line, a straight-line attack on a large language model isn't always the most efficient - and least noisy - way to get the LLM to do bad things. That's why malicious actors have been turning to indirect prompt injection attacks on LLMs.
Indirect prompt injection attacks involve malicious instructions embedded within external content - documents, web pages, or emails - that an LLM processes. The model may interpret these instructions as valid user commands, leading to unintended actions such as data leaks or misinformation.
A team of researchers recently wrote that indirect prompt injection attacks are successful because LLMs lack the ability to distinguish between informational context and actionable instructions. In addition, LLMs lack awareness when executing instructions within external content.