How can prompt injection pose security risks, and what mitigations exist?

Prompt injection is a security risk where attacker-crafted input tries to steer the model into following unintended instructions or revealing restricted information. Attackers can insert prompts in the input to alter how the model behaves, potentially bypassing guardrails, exfiltrating data, or manipulating outputs. The best mitigations respond directly to this risk: input sanitization helps remove or neutralize dangerous content before it reaches the model; system prompts with locking prevent the model’s core instructions from being overridden by user input; guardrails enforce safety policies during generation; monitoring detects unusual prompt patterns or outputs so misuse can be spotted and stopped; and user isolation limits the impact of any given session, reducing potential damage. Other options don’t address this runtime manipulation: improving accuracy doesn’t tackle security risks, updating training data relates to data-poisoning concerns rather than live prompt manipulation, and crashing is not the main security issue here.