Prompt injection
Can prompt injection be fully prevented?
Prompt injection is effectively unsolved. OWASP says there may be no fool-proof method of prevention, and the NCSC warns that it may be an inherent issue with LLM technology: because the model is probabilistic, a filter that blocks one phrasing of an injected instruction can be evaded by rewording it.
OWASP is candid: “given the stochastic influence at the heart of the way models work, it is unclear if there are fool-proof methods of prevention for prompt injection.”[1] The NCSC goes further, warning that “as yet there are no surefire mitigations” and that prompt injection “may simply be an inherent issue with LLM technology.”[2] Because the model is probabilistic rather than rule-based, any filter that blocks one phrasing can be evaded by rewording the same instruction, so filtering alone cannot be relied on as prevention.
References
- [1] LLM01:2025 Prompt Injection. OWASP Gen AI Security Project.
- [2] Exercise caution when building off LLMs. UK National Cyber Security Centre.