AI ‘Prompt’ trap: New cyber threat to corporate data, warns Hyderabad CP Sajjanar

Hyderabad: With Artificial Intelligence rapidly becoming the backbone of business operations, a new cyber threat known as ‘Prompt Injection’ is emerging as a major risk to company databases and customer information, Hyderabad Police Commissioner VC Sajjanar, IPS, cautioned on Monday.

In a public advisory shared on X (formerly Twitter), the Commissioner urged companies to strengthen their AI security frameworks, warning that negligence could result in serious data breaches and financial losses.

What is ‘Prompt Injection’?

A prompt is the instruction or command given to an AI system to generate a response. Cyber attackers are now exploiting this core feature itself by feeding malicious and deceptive prompts to manipulate AI models.

By cleverly wording these commands, attackers can bypass safety controls, confuse the AI system, and extract confidential information. In simple terms, prompt injection is a way of ‘tricking AI with words’ into revealing sensitive data that it is not supposed to disclose.

AI use is growing across industries

From small startups to large multinational corporations, businesses today are increasingly deploying AI-powered chatbots to answer customer queries instantly, automate routine operations, improve efficiency and reduce operational costs.

While these tools are transforming the way companies work, the Commissioner warned that rapid adoption without adequate safeguards is opening new doors for cybercriminals.

Corporate data is at serious risk

Many companies have integrated their AI chatbots with critical internal systems, including customer Relationship Management (CRM) platforms, helpdesk and ticketing systems, employee personal records and financial and accounting databases.

While this improves speed and service, it also means that a single successful prompt injection attack can expose vast volumes of confidential business and customer data, posing a major cybersecurity threat.

‘Guardrails’ are the only strong defence

The Police Commissioner stressed that organisations must urgently deploy strong AI security guardrails.

He cautioned that a single-layer security system is no longer enough in today’s evolving cyber threat landscape. Instead, he advised companies to follow a multi-layered defence strategy to ensure that AI platforms remain secure.

Key safety measures suggested

1. Model-level security: AI systems must be trained with strict safety rules and hard-coded restrictions to prevent leakage of sensitive information.

2. Prompt-level security: Systems should be capable of detecting and blocking malicious prompts in real time.

3. System-level security: Strong controls must be enforced over databases and APIs connected to AI platforms.

4. Security Audits and Access Control: Regular security audits should be conducted and data access must be limited strictly on a need-to-know basis.

Ignoring the threat can be costly

Warning of severe consequences, Commissioner Sajjanar said failure to implement proper AI security could lead to large-scale data breaches, operational paralysis, heavy financial losses, and permanent damage to corporate reputation.

“Without adequate safeguards, valuable organisational data can easily fall into criminal hands, causing damage that may be impossible to repair,” he warned.