Glossary term
Security
Prompt injection delivered through content the model reads, such as web pages, documents, emails, tickets, or knowledge base records. This risk is severe when AI systems summarize external content, browse the web, read documents, process tickets, or operate with tools that can send messages or change records.
Greshake et al. (USENIX Security 2023) introduced indirect prompt injection through research showing attacks via documents and web pages.
Embrace The Red demonstrated Microsoft Copilot data exfiltration via indirect prompt injection in Outlook emails (2024).
Salesforce's Agentforce launches included specific controls against indirect prompt injection through knowledge base records and email content.