What is LLM security (and what is prompt injection)?
LLM security protects large-language-model and AI-agent systems from risks traditional application security misses — prompt injection, data leakage, jailbreaks, and over-permissioned agents.
Definition
LLM security is the practice of protecting systems built on large language models — chatbots, copilots, retrieval-augmented apps, and autonomous agents — from misuse and compromise. It addresses failure modes that classic application security was never designed for, because the model itself interprets untrusted natural-language input as instructions.
Prompt injection
Prompt injection is the top LLM-specific risk. An attacker plants instructions in content the model will read — a web page, a document, an email, a support ticket — that override the developer's intended behavior. Indirect prompt injection is especially dangerous for agents that browse or ingest external data, because the malicious instruction arrives inside otherwise-normal content.
Testing for prompt injection means probing whether untrusted input can change the system's behavior, exfiltrate hidden context, or trigger tools it shouldn't.
Data leakage and jailbreaks
Data leakage happens when a model reveals sensitive context — system prompts, other users' data, secrets, or PII — through crafted queries. Jailbreaks bypass safety and policy constraints to make the model produce prohibited output or take prohibited actions. Both are assessed by adversarially prompting the system and inspecting what it discloses or does.
Over-permissioned agents
The highest-impact LLM risk is an agent with real permissions — the ability to send email, move money, modify records, or call internal APIs — combined with a prompt-injection weakness. The mitigation is least privilege: scope every tool and credential tightly, require confirmation for irreversible actions, and log everything. An assessment reviews exactly which actions an agent can take and whether untrusted input can trigger them.
Governance
Beyond testing, LLM security needs governance: an acceptable-use policy, data-handling rules for what may enter prompts, human-in-the-loop checkpoints for consequential actions, and monitoring. AISymmetric Aegis pairs prompt-injection, data-leakage, and agent-permission testing with a practical governance framework so AI can be deployed safely.
Frequently asked
What is the difference between prompt injection and jailbreaking?
Can traditional application security tools catch LLM vulnerabilities?
How do you test an AI agent for security issues?
Want this checked on your own systems? Start with a free, passive Quick Scan.