AI Prompt Hacking

Key takeaways

• Prompt injection is the hacker’s primary weapon — and it doesn’t require coding skills.

• Vulnerabilities extend far beyond chatbots: APIs, internal apps, and MCP (Model Context Protocol) integrations are all targets.

• Poor API scope and no input validation = an attacker’s dream.

• Standards like MCP bring both power and new risks, from command injection to resource poisoning.

• Real-world breaches have already leaked Salesforce data into AI systems without security teams realising.