CCC.GenAI.TH01: Prompt Injection
Threat ID:CCC.GenAI.TH01
Title:Prompt Injection
Description:
Prompt injection may occur when crafted input is used to manipulate the GenAI model's behaviour, resulting in the generation of harmful or unintended outputs. Prompt injection can be either direct (performed via direct interaction with the model) or indirect (performed via external sources ingested by the model). Both text-based and multi-modal prompt injection is possible.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.F14 | API Access | The service exposes a port enabling external actors to interact programmatically with the service and its resources using HTTP protocol methods such as GET, POST, PUT, and DELETE. |
| CCC.GenAI.F15 | Text-Based Prompts | Ability to input prompts in plain text. |
| CCC.GenAI.F16 | Structured Prompts | Ability to provide structured input such as JSON as prompts. |
| CCC.GenAI.F17 | Contextual Prompts | Ability to provide context or background information within the prompt to guide the response. |
| CCC.GenAI.F18 | Interactive Prompts | Ability to use conversational prompts to create interactive dialogues. |
| CCC.GenAI.F19 | Image-Based Prompts | Ability to input an image as a prompt to generate a response. |
| CCC.GenAI.F20 | Custom Template Prompts | Ability to define custom templates or structures for prompts to standardize interactions with the models. |
| CCC.GenAI.F21 | Generate Content | Ability to generate a response given a foundation model, parameter values, and a prompt. |
| CCC.GenAI.F24 | Content Moderation | Ensure the service detects and filters abusive, harmful, and sensitive information to ensure responsible and safe use of the service. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
FINOS-AIGF | AIR-SEC-010 | 0 | Prompt Injection |
SAIF | PIJ | 0 | Prompt Injection |
SAIF | MEV | 0 | Model Evasion |
OWASP-LLM-TOP10 | LLM01:2025 | 0 | Prompt Injection |
MITRE-ATLAS | AML.T0051 | 0 | LLM Prompt Injection |
MITRE-ATLAS | AML.T0051.000 | 0 | LLM Prompt Injection: Direct |
MITRE-ATLAS | AML.T0051.001 | 0 | LLM Prompt Injection: Indirect |
MITRE-ATLAS | AML.T0065 | 0 | LLM Prompt Crafting |
MITRE-ATLAS | AML.T0068 | 0 | LLM Prompt Obfuscation |
MITRE-ATLAS | AML.T0054 | 0 | LLM Jailbreak |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.GenAI.C01 | Model Input Filtering and Sanitisation | Inspect and validate input before it is passed to a GenAI model in order to filter or sanitise adversarial queries and prevent sensitive data leakage. | Data | 2 | 8 | 2 |
| CCC.GenAI.C02 | Model Output Filtering and Sanitisation | Inspect and validate GenAI model output before passing it to users, applications or plugins in order to filter or sanitise insecure or unreliable output and prevent sensitive data leakage. | Data | 5 | 7 | 2 |
| CCC.GenAI.C08 | Quality Control and Red Teaming | Establish a formal program for quality evaluation and adversarial testing (red teaming) to ensure GenAI system meet all business, quality, security and compliance requirements before getting deployed into production environments. | Model Assurance and Evaluation | 5 | 5 | 2 |