Prompt injection is an attack in which malicious instructions are smuggled into the text a language model reads, causing it to ignore its real instructions. The term was coined by developer Simon Willison in his September 12, 2022 post “Prompt injection attacks against GPT-3,” where he wrote, “I propose that the obvious name for this should be prompt injection,” drawing the analogy to SQL injection. The risk has since been formalized: the OWASP Top 10 for Large Language Model Applications lists prompt injection as LLM01, its number-one ranked vulnerability.