Prompt injection attacks involve maliciously crafted inputs intended to override system instructions, exfiltrate data, or cause harmful behavior. The most effective control aligned with incident management is to deploy robust input validation and sanitization (C), which includes rules and filters designed to detect and neutralize potentially malicious content before it reaches the model. AAIA’s coverage of AI threats and vulnerabilities highlights the importance of input validation and secure prompt handling for generative AI systems.
Fine-tuning the model (A) is a long-term adaptation, not an immediate incident control. Scanning for code-like structure (B) or excessive special characters (D) may catch some attacks but are too narrow; many prompt injections use natural language. Comprehensive input validation and sanitization is the most effective and generalizable incident management response.
[References:, ISACA, AAIA Exam Content Outline – Domain 5: Ethical and Legal Considerations in AI; AI-specific threats and incident management., ISACA AI security guidance covering prompt injection and input validation controls., , ]
Submit