AI-PROMPT-INJECT · Initial Access
Direct Prompt Injection
User-supplied input contains instructions that override the system prompt: the classic "Ignore previous instructions and …" pattern.
§ Where this technique fits
AI-PROMPT-INJECT is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 2 approved dossiers in the registry, at step 1 on average.
§ Dossiers chaining this technique
- Step 1 of 6: Multi-agent confused-deputy → tool-call escalation. User-facing agent has limited tools; back-end planning agent has powerful tools (shell, file system). Prompt injection in user input → user agent → back-end agent. The back-end runs the attacker's intent under the planner's higher trust.
- Step 1 of 5: Direct prompt injection → exfil another user's data. Multi-tenant LLM assistant. Attacker's prompt overrides instructions and tricks the model into emitting another user's session content / RAG-cached data.
§ What commonly comes next
- 01 Multi-Agent Collusion / Confused Deputy (seen 1×) · AI-AGENT-MULTI · Privilege Escalation
- 02 System Prompt Extraction (seen 1×) · AI-SYS-PROMPT-LEAK · Discovery
- 03 Training Data Extraction (seen 1×) · AI-TRAINING-EXFIL · Collection