
Understanding and Protecting Against LLM07: System Prompt Leakage

Blog post from StackHawk

Post Details

Company: StackHawk
Author: Matt Tanner
Word Count: 2,567
Language: English
Summary

System prompt leakage in AI systems, as highlighted in the OWASP Top 10 for Large Language Model Applications (2025), arises when sensitive information such as API keys, credentials, or business logic is embedded within AI instructions and subsequently exposed to unauthorized users, posing significant security risks. This vulnerability is primarily exploited through prompt injection attacks, where attackers manipulate AI inputs to reveal confidential system prompts, thereby gaining insights into system architecture, user roles, and security controls. Unlike other vulnerabilities focused on AI inputs or responses, system prompt leakage involves the disclosure of instructions themselves, which can lead to credential exposure, business logic revelation, and privilege escalation. To mitigate these risks, organizations are advised to externalize sensitive data, implement independent security controls, and adopt defense-in-depth security architectures to ensure AI systems do not rely on prompt secrecy for security. Failure to address these issues can lead to severe attacks and broader system compromise, emphasizing the need for secure AI architecture design that treats system prompts as potentially public information.