Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Getting Started with Prompt Injection

  • Thu, Mar 19, 2026
  • 1:00PM - 2:30PM EDT
  • English
  • Joshua Wright
  • Technical Presentation
Login to register
Webcast Hero

AI systems are transforming how organizations operate, but they introduce an entirely new attack surface. In this session, SANS faulty fellow and author Joshua Wright will explore prompt injection, the #1 risk on the OWASP GenAI Top 10, and demonstrate how attackers manipulate Large Language Models into bypassing security controls and leaking sensitive data.

In this session you will learn about the controls used by language models to protect against misuse, and how attackers manipulate them using multiple techniques including keyword encoding, refusal suppression, format switching, and role play attacks. You will see how prompt injection exposes system prompts, RAG data, and agent integrations, and how it can enable classic injection attacks like command injection and SQL injection through AI interfaces.

At the end of the session we will examine defensive strategies including prompt hardening, multi-chain analysis, Human-in-the-Loop review, and prompt logging for threat hunting. Whether you are building AI systems or securing them, this session will give you the attacker's perspective you need to defend effectively.

Meet Your Speaker

Joshua Wright
Joshua Wright

Joshua Wright

Director and Senior Security Analyst

Joshua Wright, Senior Technical Director at Counter Hack Challenges and author of SEC504, has spent over two decades teaching and building tools that help defenders identify and counter real-world cyber threats through practical, hands-on learning.

Read more about Joshua Wright