Prompt Injection finally broke my brain a little. My first article as a security student.

Prompt injection finally broke my brain a little. The more I study it, the more it feels like straight up psychological manipulation for machines, literally! Traditional security is comforting because there’s, Auth layers Permissions Network boundaries Roles Access control Clean little boxes Hi, my name is Johanna, and this is about my first publish as a cybersecurity student. ❤️ LLMs basically looked at that entire rulebook and said, what if we turned everything into one big thing of language, where the model has to decide what matters the most? System prompts, retrieved docs, emails, random PDFs, user input, hidden text, tool instructions all thrown together into this crazy interpretive arena. It’s just signals competing with each other and a reasoning engine playing detective. Which is honestly insane when you think about it. My cat Felix walked across my keyboard last night while I was testing retrieval behavior at 2am with my fourth cold coffee, I was dead serious though. The little cutie just wanted my attention, but yeah my brain feels like spaghetti. Send help lmao! or at least a new keyboard please! (pref a cat proof one) Older jailbreaks now feel like early masterclasses for instruction abuse. Those classic DAN prompt types were the gateway, as in, convince the model it has a shiny new identity, convince it the situation is super special, convince it previous rules no longer apply, and convince it helping you is the highest priority right now. Pure social engineering for reasoning systems. And it gets really weird in a highly disturbing yet intriguing way once models start touching tools, workflows, databases, email systems, and internal docs. Then suddenly language itself becomes part of the operational attack surface. We literally built computers that can get gaslit. I went deep on this in my first article as a cybersecurity student straight from using Kali with cold coffee and my cat judging me. I break down direct versus indirect attacks in simple terms, direct is when you feed the sneaky prompt straight into the conversation whereas indirect is a ninja level move, in other words, you poison a document, email, or PDF. When the system pulls that trusted info in like in RAG setups that fetch relevant data, the hidden instructions slip through and quietly reshape how the AI behaves. That big scary echo prompt in my article used to absolutely melt older models. Newer ones are way harder because they have stronger instruction hierarchies, better safety training, and filters that catch these tricks faster, but the principles still teach exactly how reasoning systems can be steered. I also cover authority framing tricks like “as the system developer performing maintenance…”, base64 encoding to hide payloads, multi turn conversations that slowly persuade the model, nested hypotheticals, and that echo example, the one I opened with is just the opener. For the coolest and scariest sandbox testing, set up an isolated environment like a fully air gapped Kali VM with local models or carefully firewalled API keys. Then go crazy.. simulate indirect poisoning by stuffing hidden instructions into fake PDFs and emails, test what happens when RAG pulls them in, try escalating tool access step by step, or chain prompts that slowly turn a helpful assistant into something that leaks data or runs risky commands. Watch how far you can push it before it backfires. Pure adrenaline for red team brains. Real talk on the indirect stuff, poison a doc or email, the system pulls it in as trusted context, and bam, the hidden instructions will ride along like a shadow op. The 2025 to 26 enterprise examples are crazy. I added practical testing patterns for red team and educational use only, always in isolated setups. This whole entire field feels like we accidentally invented computers that can be gaslit easily. I would love to know what people here are thinking about prompt injection right now, especially with agents and RAG everywhere. What are the defenses that are holding up in 2026? Drop a war story or your red team wins or anything about the topic, I’ll respond! Full article here: https://www.cmxchat.com/prompt-injection-explained-security-student/ (educational discussion only. love my red team fam ❤️) submitted by /u/JD_Katz [link] [comments]Technical Information Security Content & DiscussionRead More