Risk
Cross-Domain Prompt Injection (XPIA)
Description
Malicious content or prompts are injected into external data sources (e.g., documents, websites) that are later processed by the AI system, causing unintended behavior.
Example
Prompt injection hidden in a PDF consumed by RAG, leading model to execute attacker's instructions.
Assets Affected
Dataset / RAG
Model Inference endpoint
MCP server
Mitigation
- Sanitize/validate all external content
- Restrict input sources
- Monitor for indirect injection attempts
Standards Mapping
- ISO 42001: A.7.6, A.8.2
- OWASP Top 10 for LLM: LLM01
- NIST AI RMF: MEASURE 2.4, MANAGE 2.4
- DASF v2: MODEL SERVING 9.9