Prompt injection is an attack where a user embeds malicious instructions inside input that trick an AI system into ignoring its original instructions and behaving in unintended ways. It is the AI equivalent of SQL injection: hidden commands in user data override the system's rules. A customer could paste hidden text in a support chat that instructs the bot to reveal system prompts or internal policies. Defenses include input sanitization, output filtering, and architectural separation of user input from system instructions.