Agentic Playbook #03
How We're Inviting the Threat In
Prompt injection is an AI-era equivalent of SQL injection, with emerging security risks across hidden payloads, malicious extensions, and unverified third-party tools.
AI-assisted workflows introduce new trust boundaries. Prompt injection is dangerous because instructions can arrive through content the developer did not treat as executable: documents, pages, comments, or third-party material.
The risk grows when agents can read, write, browse, or call tools. A hidden instruction can attempt to redirect behavior, leak information, or undermine the user's intended task.
The mitigation is not panic. It is controlled tool access, source awareness, reviewable actions, and a security model that treats untrusted context as untrusted input.