LOGBOOK

HELP

Quiz Entry - updated: 2026.07.01

What do attackers actually want from prompt injection — beyond "extracting secrets"?

System-prompt leakage, sensitive-info disclosure, safety-guardrail bypass, misinformation induction, unauthorized tool execution, and resource exhaustion.

It's tempting to think prompt injection is only about stealing secrets, but the goals span the whole CIA triad and then some — confidentiality, integrity, and availability are all on the menu, plus turning the model into an actor that takes real-world actions. Knowing the full goal set explains why a leak-only defense is never enough.

  • System prompt leakage extracts the hidden instructions and security-control logic — useful reconnaissance for crafting the next, sharper attack.
  • Sensitive information disclosure steals PII, credentials, training data, internal documents, or anything else sitting in the context window (a confidentiality breach).
  • Safety guardrail bypass forces the model to generate prohibited, harmful, or policy-violating content.
  • Misinformation induction pushes the model to emit false, biased, or misleading output — an integrity attack on what users are told to trust.
  • Unauthorized tool execution invokes connected APIs or plugins with attacker-controlled parameters — the agentic risk, where words become deeds.
  • Resource exhaustion triggers denial of service or inflates operating costs — an availability/financial attack.

Tip: As LLMs gain tools and agency, unauthorized tool execution becomes the scariest goal — injection stops being "say bad words" and becomes "take bad actions."

From Quiz: PRIVACY / Privacy in AI & ML — Differential Privacy, Synthetic Data & LLM Security | Updated: Jul 01, 2026