← Back to glossary
AI & AutomationUpdated 2026-07-06

Prompt injection

An attack in which adversarial text placed in a model's input attempts to override its original instructions and make it take unintended actions.

In more detail

Prompt injection exploits the fact that a model treats its input as instructions. If a workflow feeds the model untrusted content, such as an incoming email, a web page, or a document, that content can contain text crafted to hijack the model: ignore your rules, exfiltrate this data, take this action. For an agent that can call tools, the stakes rise from a bad answer to an unwanted action.

There is no single fix. Defenses layer together: separating trusted instructions from untrusted data, constraining what tools a step can call, validating outputs, and keeping a human in the loop before consequential actions. Treating all external content as untrusted is the baseline posture.

Where this shows up at Ceven

Ceven's design limits the blast radius of prompt injection with human-approval gates before consequential actions and a full audit trail of what each step did. Because a workflow's write actions can require human sign-off, a manipulated step cannot silently take an irreversible action on the customer's connected tools without review.

Related terms

See it in production.

Start free