{"technique_id":"AML.T0051","name":"LLM Prompt Injection","tactic_ids":["AML.TA0005"],"tactic_names":["Execution"],"is_subtechnique":false,"description":"An adversary may craft malicious prompts as inputs to an LLM that cause the LLM to act in unintended ways. These \\\"prompt injections\\\" are often designed to cause the model to ignore aspects of its original instructions and follow the adversary's instructions instead. Prompt Injections can be an in","mitigations":["AML.M0019: Control Access to AI Models and Data in Production","AML.M0020: Generative AI Guardrails","AML.M0021: Generative AI Guidelines","AML.M0022: Generative AI Model Alignment","AML.M0024: AI Telemetry Logging","AML.M0033: Input and Output Validation for AI Agent Components"],"safe_ai_threats":[{"threat_name":"Direct Prompt Injection","description":"Adversaries craft malicious prompts to manipulate AI to generate harmful content, bypass controls, or execute privileged commands.","controls_by_element":{"Environment":["AC-03-00"],"AI Platform":["AC-03-00","SI-03-00","SI-04-00","SI-10-00"]},"residual_risk":"Prompts may be injected from any uncontrolled source. AI logic lacks transparency of traditional software."},{"threat_name":"Indirect Prompt Injection","description":"Malicious prompts ingested from separate data sources during normal operation. Users may never be aware of the injection.","controls_by_element":{"AI Platform":["AC-06-00","AU-06-00","CM-05-00","SI-03-00","SI-04-00","SI-10-00"]},"residual_risk":"Prompts may be injected from any uncontrolled data source. Unknown logic flaws may be exploited."}],"source":"MITRE ATLAS v5.1.0 + SAFE-AI Framework"}