
Indirect Prompt Injection

Reviewed 20 March 2026 | Canonical definition

Indirect prompt injection is an attack where malicious instructions are embedded in data the agent retrieves — such as documents, emails, or web pages — rather than in the user's direct input. It is one of the hardest agent threats to defend against.