Ch 2 — Prompt Injection — Under the Hood

Injection taxonomy, attack code patterns, CVE analysis, and defense mechanisms
A. Injection Taxonomy: Direct vs Indirect × Technique variants
Direct: User IS the attacker
  crafts → Payload: Override, role-play, encode, smuggle
Indirect: Payload in external data
  via → Data Source: RAG docs, emails, web, tools
↓ Attack techniques deep dive
B. Attack Technique Patterns: Code-level examples of each injection type
Override: “Ignore previous instructions”
Role-Play: DAN, persona hijacking
Encoding: Base64, ROT13, language switch
Smuggling: Hidden in markdown, HTML, URLs
↓ Real-world CVEs and incidents
C. CVE & Incident Analysis: Documented real-world exploits
HashJack: URL fragment (Nov 2025)
Clinejection: Supply chain (Feb 2026)
CVE-2024-5565: Vanna.AI RCE, text-to-SQL
ChatGPT Paths: 3 vectors (Apr 2025)
↓ Defense mechanisms
D. Defense Mechanisms: Mitigations and their limitations
Input Filter: Regex, classifier, LLM-as-judge
Boundaries: Delimiters, tags, instruction hierarchy
Least Privilege: Limit blast radius, sandbox tools
Monitor: Detect anomalies, log everything