CrowdStrike warns prompt injection attacks hit over 90 firms in 2025

· Source: Dataconomy · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

CrowdStrike's 2026 Global Threat Report revealed prompt injection attacks impacted over 90 organizations in 2025, with injected prompts acting as malware to steal credentials and cryptocurrency. This contributed to an 89% year-over-year increase in AI-enabled adversary operations, where 82% of intrusions used no traditional malicious code, targeting agents and copilots. Prompt injection remains LLM01 on the OWASP Top 10, highlighting language models' inability to distinguish developer instructions from untrusted text. Incidents like Slack AI data exfiltration in August 2024 and EchoLeak (CVE-2025-32711) against Microsoft 365 Copilot, scoring CVSS 9.3, demonstrate severe vulnerabilities. The attack surface now includes agentic stacks, allowing malicious instructions to persist in long-term memory. OpenAI and Anthropic acknowledge the difficulty of fully solving prompt injection, with reported success rates up to 78.6% for Claude Opus 4.6 over 200 attempts and 53.6% for Google Gemini. Gartner advised CISOs in December 2025 to block AI browsers due to these risks.

Key takeaway

For AI Security Engineers deploying or managing AI agents and copilots, assume models may occasionally follow injected instructions. You must implement robust external controls, including limiting each agent's authority and requiring human approval for critical actions. Prioritize tagging retrieval sources by sensitivity and establish comprehensive auditing practices. When evaluating vendors, ask about their prompt injection detection capabilities, success rates, and adherence to OWASP recommendations.

Key insights

Prompt injection is a persistent, evolving threat leveraging LLM inability to distinguish trusted instructions, leading to credential theft and data exfiltration.

Principles

In practice

Topics

Best for: CTO, VP of Engineering/Data, AI Architect, AI Security Engineer, MLOps Engineer, Director of AI/ML

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Dataconomy.