What Is an AI Prompt Injection Attack
Compiled by KHAO Editorial — aggregated from 1 source + 3 references discovered via search. See llms.txt for citation guidance.
Key facts
- The term was coined on September 12, 2022, by British developer Simon Willison in a now-famous blog post
- They scanned 2 to 3 billion crawled web pages per month and found a 32% jump in malicious indirect prompt injections between November 2025 and February 2026
- Anthropic claims a Chinese group it designated GTG-1002 had used Claude Code, jailbroken via prompt injection, to attempt intrusions against roughly 30 targets including tech companies, financial
- Anthropic estimates the AI executed 80% to 90% of the operation autonomously, making thousands of requests per second
Summary
The attack works by tricking a chatbot into following an attacker's instructions instead of yours. OpenAI publicly admitted in December 2025 that the problem is “unlikely to ever be fully solved,” and the U.K.'s National Cyber Security Centre issued a formal warning that LLMs are “inherently confusable deputies.” Imagine you ask your AI assistant to summarize an email. You never see the instructions. The Open Worldwide Application Security Project, the cybersecurity nonprofit behind the industry-standard vulnerability rankings, places prompt injection at number one on its top 10 list of threats for AI applications.