5 min read·Updated July 16, 2026

What is LLM security (and what is prompt injection)?

LLM security protects large-language-model and AI-agent systems from risks traditional application security misses — prompt injection, data leakage, jailbreaks, and over-permissioned agents.

Definition

LLM security is the practice of protecting systems built on large language models — chatbots, copilots, retrieval-augmented apps, and autonomous agents — from misuse and compromise. It addresses failure modes that classic application security was never designed for, because the model itself interprets untrusted natural-language input as instructions.

Prompt injection

Prompt injection is the top LLM-specific risk. An attacker plants instructions in content the model will read — a web page, a document, an email, a support ticket — that override the developer's intended behavior. Indirect prompt injection is especially dangerous for agents that browse or ingest external data, because the malicious instruction arrives inside otherwise-normal content.

Testing for prompt injection means probing whether untrusted input can change the system's behavior, exfiltrate hidden context, or trigger tools it shouldn't.

Data leakage and jailbreaks

Data leakage happens when a model reveals sensitive context — system prompts, other users' data, secrets, or PII — through crafted queries. Jailbreaks bypass safety and policy constraints to make the model produce prohibited output or take prohibited actions. Both are assessed by adversarially prompting the system and inspecting what it discloses or does.

Over-permissioned agents

The highest-impact LLM risk is an agent with real permissions — the ability to send email, move money, modify records, or call internal APIs — combined with a prompt-injection weakness. The mitigation is least privilege: scope every tool and credential tightly, require confirmation for irreversible actions, and log everything. An assessment reviews exactly which actions an agent can take and whether untrusted input can trigger them.

Governance

Beyond testing, LLM security needs governance: an acceptable-use policy, data-handling rules for what may enter prompts, human-in-the-loop checkpoints for consequential actions, and monitoring. AISymmetric Aegis pairs prompt-injection, data-leakage, and agent-permission testing with a practical governance framework so AI can be deployed safely.

Frequently asked

What is the difference between prompt injection and jailbreaking?
Jailbreaking bypasses a model's safety rules to produce prohibited output. Prompt injection overrides the application's intended instructions using untrusted input — often hidden inside content the model reads — and is especially dangerous for agents with tool access.
Can traditional application security tools catch LLM vulnerabilities?
Largely no. Traditional tools look for code-level flaws; LLM risks arise from the model interpreting natural language as instructions. Assessing them requires adversarial prompting and a review of agent permissions and data flows.
How do you test an AI agent for security issues?
By enumerating every tool and permission the agent holds, then attempting indirect prompt injection through the data it ingests to see whether untrusted input can trigger sensitive actions or leak context — all under explicit authorization.

Want this checked on your own systems? Start with a free, passive Quick Scan.

Run a free Quick Scan