The Quiet Zero-Day: Prompt Injection in Your AI Supply Chain
Security teams are waking up to a class of vulnerabilities that traditional scanners simply cannot see.
Your AI assistant reads a customer email, follows an instruction hidden inside it, and exfiltrates an internal document. No malware was deployed. No credentials were phished. Welcome to prompt injection.
Why traditional defenses fail
Antivirus, EDR and DLP tools were built to detect code and known patterns. Prompt injection is a natural-language attack that travels inside legitimate content — a support ticket, a calendar invite, a PDF.
Three real incidents
- An enterprise summarizer leaked board-level emails after processing a malicious meeting note
- A coding agent committed a backdoored dependency after reading a poisoned README
- A customer-service bot issued unauthorized refunds after parsing a crafted complaint
Defenses that actually help
- Treat all retrieved or user-supplied text as untrusted input, without exception
- Separate the model that reads from the model that acts
- Require human approval for high-impact tool calls
- Log every tool invocation with the prompt that triggered it
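The last two defenses can be combined in a small dispatch layer that sits between the model and its tools. The sketch below is illustrative only; every name in it (`TOOLS`, `ToolCall`, `approved_by_human`, `dispatch`, the notion of a "high-impact" flag) is a hypothetical stand-in for whatever your agent framework provides, and which tools count as high-impact is a policy decision for your system:

```python
import logging
from dataclasses import dataclass
from typing import Callable, Optional

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("tool-audit")

# Hypothetical registry: tool name -> (function, is_high_impact).
TOOLS: "dict[str, tuple[Callable[[str], str], bool]]" = {
    "summarize": (lambda arg: f"summary of {len(arg)} chars", False),
    "issue_refund": (lambda arg: f"refunded {arg}", True),
}

@dataclass
class ToolCall:
    name: str
    argument: str
    triggering_prompt: str  # the untrusted text that led the model here

def approved_by_human(call: ToolCall) -> bool:
    # Placeholder for a real review step (ticket queue, chat approval, ...).
    # Defaults to deny in this sketch.
    return False

def dispatch(call: ToolCall) -> Optional[str]:
    func, high_impact = TOOLS[call.name]
    # Defense: log every invocation together with the prompt that triggered it,
    # so injected instructions leave an audit trail.
    log.info("tool=%s arg=%r prompt=%r",
             call.name, call.argument, call.triggering_prompt)
    # Defense: gate high-impact tool calls behind human approval.
    if high_impact and not approved_by_human(call):
        log.warning("blocked high-impact tool %s pending approval", call.name)
        return None
    return func(call.argument)
```

With this in place, a crafted complaint that coaxes the model into calling `issue_refund` is logged and blocked until a human approves it, while low-impact calls like `summarize` proceed normally.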
Frequently asked questions
- Can a model be patched against prompt injection?
- Not fully. Mitigations reduce the risk, but the underlying problem is architectural and requires defense in depth.
- Is prompt injection covered by existing security frameworks?
- OWASP now includes it in its LLM Top 10, and several national CERTs have issued guidance.
About the author
Aisha N'Diaye
Aisha N'Diaye writes for Ravir Press on technology, AI and the policy frontier. Tips welcome at editor@ravirpress.com.