Prompt Engineering & LLM Security
Prompt engineering has two intersecting angles: crafting prompts that reliably steer LLM behavior, and understanding how the prompt itself becomes an attack surface once untrusted text (user input, retrieved documents, tool output) reaches the model.
Scope
| Angle | Focus |
|---|---|
| Engineering | Writing clear, effective prompts that reliably steer LLM behavior |
| Security | How prompts can be abused — direct and indirect prompt injection, sensitive information disclosure |
Key Concepts
- What prompt engineering is and why it matters
- Best practices: clarity, context/constraints, experimentation
- OWASP Top 10 for LLM Applications (2025) — specifically LLM01:2025 Prompt Injection and LLM02:2025 Sensitive Information Disclosure
- Google SAIF (Secure AI Framework) — broader guidance on secure AI systems
- Attack techniques for prompt injection and information disclosure
What to Ingest Next
- Prompt injection attack techniques — hands-on coverage of LLM01:2025
- Sensitive information disclosure techniques — hands-on coverage of LLM02:2025
- Fundamentals of AI — foundational LLM concepts
- OWASP Top 10 for LLM Applications 2025 — full framework (https://genaisecurityproject.com/resource/owasp-top-10-for-llm-applications-2025/)
- Google SAIF risks — full risk breakdown (https://saif.google/secure-ai-framework/risks)
See Also
- prompt-engineering — best practices for writing effective prompts
- prompt-injection — LLM01:2025 and how prompt injection works
- owasp-llm-top-10 — the OWASP framework for LLM security
- google-saif — Google’s Secure AI Framework