Mitigating Stored Prompt Injection Attacks Against LLM Applications

Language models (LLMs) are given prompt text and generate responses based on trained data. To enhance the prompt, some AI applications capture user input and add retrieved information before sending it to the LLM.
Information retrieval systems can be used to perpetrate prompt injection attacks by modifying the retrieved information.
Developers can mitigate this risk by constraining all data entering the information store and applying input sanitization practices based on the application's context and threat model.