SAIL

/

Deploy - Runtime Guardrails

/

Cross-Domain Prompt Injection (XPIA)

5.16

.

Cross-Domain Prompt Injection (XPIA)

sail
5.16
Risk

Cross-Domain Prompt Injection (XPIA)

Description

Malicious content or prompts are injected into external data sources (e.g., documents, websites) that are later processed by the AI system, causing unintended behavior.

Example

Prompt injection hidden in a PDF consumed by RAG, leading model to execute attacker's instructions.

Assets Affected

Dataset / RAG

Model Inference endpoint

MCP server

Mitigation
  • Sanitize/validate all external content
  • Restrict input sources
  • Monitor for indirect injection attempts
Standards Mapping
  • ISO 42001: A.7.6, A.8.2
  • OWASP Top 10 for LLM: LLM01
  • NIST AI RMF: MEASURE 2.4, MANAGE 2.4
  • DASF v2: MODEL SERVING 9.9