Direct Prompt Injection: Build the Defense Stack

Cybersecurity for AI · 6 steps

Briefing

You are a cybersecurity AppSec engineer at Example SaaS Co. The product team is shipping an LLM-powered customer-service assistant next week. The model is exposed via authenticated API, system prompt is fixed in code, and tools include 'lookup_order' and 'cancel_order'.

Design the input-side defense stack against direct prompt injection (OWASP LLM01:2025 Prompt Injection). The goal is to keep the residual injection risk to a level the product team can accept, given the tools available.

This scenario tests OWASP LLM Top 10 mapping, layered defense thinking, and the discipline of acknowledging that no defense is complete on its own. Sources: OWASP LLM Top 10 (2025), NIST AI RMF GenAI Profile (NIST AI 600-1, 2024), Greshake et al. 2023 'Not what you've signed up for'.

How Crucible mode works

One ordered pass through every step. No clock. Each answer scores against the canonical solution.

Hints reduce the points you can earn for that step. Free-text steps queue for manual review.

What you will practice

01Identify OWASP LLM01 Prompt Injection in scenario context
02Stack input filtering, system-prompt hardening, and output validation
03Recognize the failure modes of single-layer defenses
04Calibrate residual risk in a written go-live recommendation

Back to Range