Compliance & AI Governance

What is Prompt Injection?

The attack that smuggles instructions into an AI’s input to make it ignore its rules or act against you.

Talk to usFree to start - no card required.

Prompt Injection: definition

Because language models take instructions as text, an attacker can hide instructions inside content the model reads - a document, a web page, an email, a data field - and the model may follow them. Direct injection comes from the user; indirect injection hides in third-party content the model ingests. For agents that can take actions, injection is especially dangerous: a poisoned input could try to make the agent send data or move money.

  • Crafted input overrides the model’s intended instructions
  • Direct: from the user; indirect: hidden in content the model reads
  • Can leak data, bypass guardrails, or trigger unintended agent actions
  • A top AI security risk, especially for action-taking agents

How Fintra handles it

Fintra’s defense does not rely on the model resisting every injection - it gates the consequences. Even if an agent is manipulated into attempting a harmful action, that action hits the governance layer, where policy and human approval stop anything consequential. Injection attempts and anomalous agent behavior are logged, so a manipulated agent cannot quietly exceed its limits.

Worked example

Frequently asked questions

What is the difference between direct and indirect prompt injection?

Direct injection is when the user themselves inputs malicious instructions. Indirect injection hides instructions in third-party content the model later reads - a web page, document, or data field - so the attack can reach a model without the user knowing. Indirect injection is especially insidious for agents.

Why is prompt injection dangerous for AI agents?

Because agents can take real actions. A successful injection might try to make an agent exfiltrate data, bypass a guardrail, or authorize a transaction. That is why robust systems gate consequential actions at enforcement rather than trusting the model to resist manipulation.

Can prompt injection be fully prevented?

No single technique eliminates it, because models are designed to follow instructions in text. The reliable defense is defense-in-depth: input filtering plus, crucially, gating consequential actions so a manipulated model still cannot exceed policy. Fintra takes the latter approach.

How does Fintra defend against prompt injection?

By not depending on the model to resist it: consequential actions run through the governance layer, where policy and human approval stop anything harmful even if an agent is manipulated. Attempts and anomalies are logged, so a compromised agent cannot silently exceed its limits.

Stay in the loop

One practical finance briefing a week - new guides, checklists, and benchmarks.

 

See how Fintra handles the numbers behind this term

Fintra is the AI Finance Operating System for SMBs - accounting, planning, payroll, equity, and AI governance on one shared data model, with a named human approving anything consequential. Free to start, no card required.

Talk to us