It started as a playful curiosity—seeing my LinkedIn title echo back in quirky automated replies. Today, it’s a real risk: attackers, and sometimes just creative users, can slip hidden instructions into fields that agentic systems read. That means generative AI (GenAI) agents could be nudged to leak sensitive data, trigger rogue actions, or undermine your business logic—all without a single firewall being breached.
And the biggest surprise? Many of these vulnerabilities live in places managers often overlook: profile fields, system notes, even customer forms. It’s a wakeup call for any leader betting on automation to drive growth, compliance, or brand trust.
• GenAI now powers everything from sales processing to board reporting, often auto-completing tasks and decisions in the background.
• Every editable field an agent can read—profiles, notes, CRM entries—is a potential entry point for bad actors.
• Low-code and “vibe code” platforms multiply the risk, letting non-experts stitch together automations where input controls are an afterthought.
Recent board discussions are finally catching up, but some sober realities remain:
“Prompt injection is a set of attacks targeting Large Language Models and applications built on top of them. The attacker manipulates the model’s behaviour by injecting crafted input ('prompts') either directly (via user input) or indirectly (via third-party data sources, e.g., a profile field or web page).”
(OWASP GenAI Security Project, 2025)
The upshot? Legacy cyber policies don’t cover this AI-native risk. The attack surface is growing as agentic adoption accelerates.
Here’s the blueprint I share with boards determined to get ahead of the next breach:
Don’t wait for your developers to patch this retroactively. Board-level directive: require every workflow, tool, or integration team to systematically validate and sanitise external data before it hits any GenAI workflow.
Train your non-technical builders—the operations champions using low-code tools—to spot and block these hidden threats. And demand your software vendors show (not just promise) robust filtering, monitoring, and audit trails for all agentic features.
Include AI and agentic system vulnerabilities in your standard audit, incident response, and compliance cycles. This keeps the topic live at exec and board level, even as you scale innovation.
As IBM’s GenAI security teams warn:
“Prompt injection attacks have surfaced with the rise in LLM technology. Sophisticated attackers may use prompts embedded in data fields, emails, or social profiles to alter LLM behaviour, exfiltrate data, or execute unintended business logic. Defence strategies: use contextual filters... audit vendor LLMs for explainability and embedded security controls, and build with defence-in-depth.”
(IBM: Protect Against Prompt Injection, 2025)
And it’s not just theory—NVIDIA’s developer playbooks reinforce:
“Prompt injection is a new attack technique that manipulates Large Language Models (LLMs), and can subvert the intended application behaviour… Top defences: input sanitisation, contextual separation, regular security review of LLM logic, and strong audit logging.”
(NVIDIA Developer Blog, 2025)
AI and agentic workflows can drive down cycle time, boost margin, and even reshape customer loyalties—but not if trust crumbles from silent, creeping threats inside your automation stack. No CISO wants to explain why a prank in a sales form triggered a regulatory incident, or how a competitor learned your product roadmap from a “helpful” chatbot.
C-suite leaders and boards set the tone. Secure your agentic estate early. Set non-negotiable standards for input controls. And demand more than buzzwords from every vendor or head of automation—insist on evidence.
We are only at the beginning of these challenges. Your board’s credibility and your brand's resilience will hinge on whether you chose to see this coming.
Call to Action:
Raise LLM injection at your next board or infosec committee. Direct your teams: "No AI-powered workflow goes to production without input filtering, prompt monitoring, and staff trained in GenAI risks." Make it policy, not preference.
Links:
Quotes: