What is prompt injection and how do I prevent it?

Prompt injection is when user input overrides your system instructions. Prevent it by: separating user input with clear delimiters, validating inputs, using the system message for instructions (not user message), and never trusting user input to be benign.

When to use this

When building apps where users provide input that gets sent to an LLM.

When to skip this

For personal use cases without untrusted user input.

Advanced

#AI Agents #Enterprise AI

By Simon Willison

Source: Blog →

Docs: OWASP Top 10 for LLMs →

Extracted: 2024-01-27