Prompt Injection in AI Systems: Key Risks and Mitigation Strategies

Below table depicts more details about these two prompt injections attacks.

Organisations that have invested in SIEM / SOAR platforms and Endpoint Security services are better positioned to detect and contain these threats before they escalate.

Key Risks due to Prompt Injections

In recent times, there is rise in prompt injection attacks and it has huge impact on regulatory non-compliances around data privacy, fraudulent transactions and brand reputation. Below are the key risks arising due to prompt injections.

• Data leakages due to direct and indirect prompt injection. It can leak system prompts, API keys, critical information about the clients, enterprises.
• Malware or malicious files sharing across multiple sessions can perform adverse actions across the system.
• Unauthorized access to LLM agents can lead to performing intended actions e.g. sharing emails having critical information about users.
• Supply chain attacks due to injecting malicious objects in the model context.
• Decision manipulation though biased models which can lead to wrong decisions.
• Steganography attacks through hidden malicious instructions in the third-party files or objects.
• Denial of service attacks through overloading the data inputs in the data models.

Mitigation Strategies for Enterprise LLM Deployments

Mitigating prompt injection attacks requires defense-in-depth and secure by design approach with strong governance framework. Below are key mitigation strategies to secure LLM models.

• Input Validation – Strict input validation and normalization e.g. Escape control phrases like “ignore previous instructions”; restrict payment, account details exposure.
• Trusted Data Model Validation – segregate trusted and non-trusted data models and restrict auto execution of the untrusted data prompts.
• RAG pipeline hardening – validate inputs from third party objects – documents, APIs before embedding in the LLM models.
• Privilege Management – restrict access and privileges for payments and critical information about the enterprises.
• Validate Guardrails and output filtering – scan outputs for sensitive information e.g. API keys, PII and filter the malicious output contents.
• Defense in Depth – 24*7 Monitoring, Detection and Incident Response for log prompts, retrieved outputs, jailbroken data patterns, APIs or PII. Ensure to have all defensive controls are in place across GenAI applications, databases and underlying infrastructure.
• Secure By Design – perform threat modelling for LLM models, secure code reviews for the GenAI applications, ensure data security and regulatory compliances are adhered through secure SDLC.
• Human in the loop – mandatory controls for critical actions like sensitive data deletion, user addition/deletion, financial transactions.

Organisations can reinforce these controls by leveraging Managed IT Services and Cloud Managed Services to ensure continuous oversight of their AI environments. Embedding secure code reviews and threat modelling into the SDLC aligned with a DevOps on Azure workflow further reduces the attack surface at the development stage.

Security Governance Frameworks for GenAI

A growing number of authoritative frameworks provide structured guidance for securing LLM and GenAI ecosystems. Organisations should align their AI security programmes with standards from OWASP, NIST AI RMF, ISO/IEC 42001, EU AI Act requirements, CSA AI Safety, and MITRE ATLAS. Microsoft and Google have also published enterprise-grade AI security guidance that maps these frameworks to practical implementation controls.

For enterprises running AI workloads in hybrid or multi-cloud environments, integrating these frameworks with existing Hybrid Cloud governance and Disaster Recovery plans ensures a coherent, end-to-end security posture. Teams managing SAP on Azure deployments should specifically review OWASP and NIST guidance for AI-adjacent supply chain risks.