PulseAugur / Brief

Multi-source AI news clustered, deduplicated, and scored 0–100 across authority, cluster strength, headline signal, and time decay.

  1. Your user typed nothing malicious. Your AI leaked their data anyway.

    OWASP has identified prompt injection as the top risk for LLM applications in 2025, and indirect injection is the variant that most concerns developers. It occurs when an attacker embeds malicious instructions in external content that an LLM later processes; because the model follows those instructions, the result can be data exfiltration or unauthorized command execution even though the user's own input is benign. Examples like EchoLeak in Microsoft 365 Copilot and CurXecute in Cursor IDE highlight the real-world impact of these vulnerabilities. The author is developing rojaprove, a red-teaming tool to test for such risks, starting with system prompt leakage and planning to add indirect injection probes.

    IMPACT: Developers must implement robust defenses against indirect prompt injection to protect user data and application integrity.