🟡 Medium  |  Source: AWS Security Blog


System prompts in generative AI applications often contain sensitive proprietary information such as business logic, tool configurations, and role definitions. This AWS blog post addresses the risk of system prompt leakage — where an LLM is manipulated into revealing these instructions — and outlines architectural mitigations to reduce the impact when it occurs. As organisations deploy more AI-powered applications on AWS, understanding and designing around this risk is increasingly important.

Security Architect’s Take: Treat system prompts as sensitive configuration data: avoid embedding credentials or highly sensitive business logic directly within them, implement output filtering to detect leakage attempts, and design your AI application architecture to assume prompt contents will eventually be exposed — using least-privilege tool access and defence-in-depth accordingly.

Original advisory: Designing for the inevitable: System prompt leakage and mitigations in generative AI applications