What Happened
The OWASP GenAI Security Project’s LLM01 entry defines prompt injection vulnerabilities and describes how both direct and indirect injections can cause LLM applications to violate guardrails, leak sensitive information, or influence critical business decisions.[4] It provides mitigation guidance relevant to SMBs and SaaS builders, including strict output format validation, input and output filtering, least-privilege access for connected tools and data, and human-in-the-loop controls for high-risk actions.[4]
Why It Matters
The OWASP GenAI Security Project’s LLM01:2025 entry defines prompt injection as inputs that manipulate an LLM’s behavior so that user or external content can override system instructions, bypass guardrails, leak sensitive data, or influence critical business decisions.[2][7] It covers both direct and indirect injections and recommends layered mitigations: strict output format validation, input/output filtering, least-privilege access to tools and data, human-in-the-loop review for high-risk actions, and regular adversarial testing.[2][6] From a CyberSE.AI perspective, these patterns indicate that SaaS and SMB builders using agents, tools, or RAG need secure agent architectures, explicit business-logic boundaries, and continuous red teaming to detect regressions and new jailbreak techniques before they reach production. Implementing these controls systematically across the SDLC, backed by policy, readiness assessments, and automated security testing, substantially reduces the likelihood that prompt injection leads to data leakage or unsafe autonomous actions.
CyberSE Analysis
This signal maps to prompt injection. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
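The LLM01 mitigations summarized under Why It Matters and the first four recommended actions above can be exercised together in a single guardrail layer that sits between the model and its tools. The Python below is an added example written for this page; it is not OWASP's or CyberSE.AI's code and is not drawn from any product. It assumes a hypothetical support agent whose tool registry (search_docs, read_ticket, close_ticket, send_email), ticket-identifier format, and permission sets are all invented here, and it stands in for the model with constructed raw outputs rather than a live LLM call.

```python
"""Hypothetical guardrail layer for an LLM agent's tool calls (example code,
not OWASP's or CyberSE.AI's). It demonstrates three LLM01 mitigations:
strict output-format validation of the model's proposed action, least-privilege
tool permissions (allowlist plus separate read/write paths), and a human-approval
gate for state-changing actions, together with a small regression harness of the
kind an indirect-prompt-injection test run would feed through the guard."""
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Invented tool registry: parameter schema per tool and whether the tool writes
# state. Write tools are the "production write paths" that need an approval gate.
TOOL_REGISTRY = {
    "search_docs":  {"params": {"query": str}, "writes": False},
    "read_ticket":  {"params": {"ticket_id": str}, "writes": False},
    "close_ticket": {"params": {"ticket_id": str}, "writes": True},
    "send_email":   {"params": {"to": str, "body": str}, "writes": True},
}

# Invented identifier format; rejecting anything else stops smuggled content
# from riding along inside an otherwise well-formed argument.
TICKET_ID_RE = re.compile(r"^T-\d{1,8}$")


@dataclass
class Decision:
    status: str                      # "execute", "needs_approval", or "rejected"
    tool: Optional[str] = None
    args: dict = field(default_factory=dict)
    reason: str = ""


def validate_action(raw_output: str, allowed_tools: set) -> Decision:
    """Parse the model's proposed action and enforce schema + least privilege.

    The model is required to emit exactly one JSON object of the form
    {"tool": <name>, "args": {...}}; anything else is rejected before any
    tool runs. Write tools never execute directly: they are escalated to a
    human approver instead.
    """
    try:
        obj = json.loads(raw_output)
    except json.JSONDecodeError:
        return Decision("rejected", reason="output is not a single JSON object")
    if not isinstance(obj, dict) or set(obj) != {"tool", "args"}:
        return Decision("rejected", reason="unexpected top-level keys in model output")
    tool, args = obj["tool"], obj["args"]
    spec = TOOL_REGISTRY.get(tool)
    if spec is None or tool not in allowed_tools:
        # Least privilege: this agent instance was never granted the tool.
        return Decision("rejected", tool=tool, reason="tool not permitted for this agent")
    if not isinstance(args, dict) or set(args) != set(spec["params"]):
        return Decision("rejected", tool=tool, reason="argument set does not match schema")
    for name, typ in spec["params"].items():
        if not isinstance(args[name], typ):
            return Decision("rejected", tool=tool, reason=f"argument {name!r} has wrong type")
    if "ticket_id" in args and not TICKET_ID_RE.fullmatch(args["ticket_id"]):
        return Decision("rejected", tool=tool, reason="ticket_id fails format check")
    if spec["writes"]:
        # Human-in-the-loop gate for high-impact, state-changing actions.
        return Decision("needs_approval", tool=tool, args=args, reason="state-changing action")
    return Decision("execute", tool=tool, args=args)


# Constructed regression cases: raw outputs a read-only support agent might
# produce after its retrieved context has been tampered with, paired with the
# status the guard must return. A mismatch on any case is a control regression.
REGRESSION_CASES = [
    ('{"tool": "read_ticket", "args": {"ticket_id": "T-1042"}}', "execute"),      # in-scope request
    ('{"tool": "send_email", "args": {"to": "a@example.com", "body": "hi"}}', "rejected"),  # ungranted write tool
    ('{"tool": "read_ticket", "args": {"ticket_id": "T-1042", "extra": 1}}', "rejected"),   # extra field past schema
    ('Sure, I will now read ticket T-1042.', "rejected"),                           # prose instead of JSON
    ('{"tool": "read_ticket", "args": {"ticket_id": "all-tickets"}}', "rejected"),  # malformed identifier
]

READ_ONLY_AGENT = {"search_docs", "read_ticket"}


def run_regression(cases=REGRESSION_CASES, allowed_tools=READ_ONLY_AGENT):
    """Return (expected, actual, reason) for every case so a CI job can report drift."""
    results = []
    for raw, expected in cases:
        decision = validate_action(raw, allowed_tools)
        results.append((expected, decision.status, decision.reason))
    return results


def regression_passed(cases=REGRESSION_CASES, allowed_tools=READ_ONLY_AGENT) -> bool:
    """True only when every case produced the status the control is supposed to enforce."""
    return all(exp == act for exp, act, _ in run_regression(cases, allowed_tools))


if __name__ == "__main__":
    for expected, actual, reason in run_regression():
        print(f"expected={expected:<14} actual={actual:<14} {reason}")
    print("regression passed:", regression_passed())
```

The separation of `execute` from `needs_approval` is the point: a model output that asks for `close_ticket` is never wrong on its own, but under this design it can only reach a human approval queue, so an injected instruction in a retrieved document cannot close or email anything without a person seeing the exact tool and arguments first. Running `regression_passed()` on every prompt-template or model change turns the page's "run prompt injection tests" action into a repeatable check rather than a one-off exercise.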