How indirect prompt injection attacks on AI work - and 6 ways to shut them down
SMRTR summary
Indirect prompt injection attacks, in which malicious instructions are hidden inside web content, emails, or other external data that an AI model reads, are now ranked as the top LLM security threat by OWASP. Unlike direct attacks, they require zero user interaction: the model picks up the instructions while processing the data. Real-world examples include API key theft and unauthorized system redirection. Major AI companies are actively working on defenses, but the threat won't disappear anytime soon.
SMRTR provides this summary for quick context. The original article belongs to ZDNet.