TL;DR: GenAI chatbots expand the attack surface through prompt injection, jailbreaking, sensitive data exposure, and compliance risk because they interact in real time and often handle confidential information, according to Lasso Security. The governance problem is not just model output quality, but the fact that conversational systems can be manipulated through ordinary user input and integrated into sensitive workflows without enough control.
NHIMG editorial — based on content published by Lasso Security: GenAI Chatbot Risks and How to Secure Them
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
Questions worth separating out
Q: How should security teams govern GenAI chatbots that access sensitive business data?
A: Treat each chatbot as a non-human identity with a defined owner, scope, and audit trail.
Q: Why do GenAI chatbots create more risk than traditional chat interfaces?
A: Because they do more than relay messages: they act on user input in real time and are wired into workflows that handle confidential data.
Q: What do organisations get wrong about prompt injection?
A: They often treat it as a purely content-filtering problem, rather than as a boundary problem between untrusted user input, system instructions, and the actions a model is allowed to trigger.
Practitioner guidance
- Classify each chatbot as a governed non-human identity: assign an owner, an access purpose, and a permission boundary for every production chatbot.
- Block prompt-to-action escalation paths: separate user prompts from system instructions, and require explicit approval before any model-generated instruction can trigger external actions.
- Minimise transcript and session retention: treat chat transcripts, conversation memory, and prompt logs as sensitive records.
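The three guidance points above, together with the answer that each chatbot should be treated as a non-human identity with an owner, scope and audit trail, map onto one small policy gate. The following Python is an added illustration, not code from Lasso Security or NHIMG: the `ChatbotIdentity`, `AuditTrail`, `EXTERNAL_ACTIONS`, `gate_action` and `minimise_transcript` names, the JSON tool-call shape and the redaction patterns are all assumptions constructed for the example. It keeps user text in its own message role so it cannot pose as system instructions, treats every model-proposed action as untrusted until checked against the bot's permission boundary, requires an explicit approval flag for actions that reach outside the session, and redacts obvious sensitive values before a transcript is retained.

```python
# Added example (not Lasso Security's or NHIMG's code). Hypothetical policy
# gate: a chatbot is modelled as a governed non-human identity with an owner,
# a purpose and a permission boundary; model-proposed actions are treated as
# untrusted, external actions need explicit approval, and transcripts are
# minimised before retention. All names and sample data are constructed.
import json
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ChatbotIdentity:
    """A production chatbot as a non-human identity (constructed fields)."""
    name: str
    owner: str
    purpose: str
    allowed_actions: frozenset  # permission boundary for this identity


# Actions that reach outside the chat session; these always need approval.
EXTERNAL_ACTIONS = frozenset({"send_email", "update_crm_record", "create_ticket"})


@dataclass
class AuditTrail:
    """Append-only record of every gate decision, keyed to the bot's owner."""
    entries: list = field(default_factory=list)

    def record(self, bot, action, decision, reason):
        self.entries.append(
            {"bot": bot.name, "owner": bot.owner, "action": action,
             "decision": decision, "reason": reason}
        )


SYSTEM_INSTRUCTIONS = (
    "You are a support assistant. Answer only from the knowledge base. "
    'Propose actions as JSON {"action": ..., "args": ...}; never execute them.'
)


def build_messages(user_text):
    """Keep user input in its own role; never concatenate it into the system
    instructions, so injected text cannot masquerade as policy."""
    return [
        {"role": "system", "content": SYSTEM_INSTRUCTIONS},
        {"role": "user", "content": user_text},
    ]


def parse_proposed_action(model_output):
    """Extract a tool call from model output. Anything unparsable is a no-op."""
    try:
        call = json.loads(model_output)
    except ValueError:
        return None
    if not isinstance(call, dict) or not isinstance(call.get("action"), str):
        return None
    return call


def gate_action(bot, call, audit, approved=False):
    """Decide whether a model-proposed action may run.

    Returns "deny", "needs_approval" or "allow" and writes the decision to the
    audit trail. The proposal is never trusted on its own: it is checked
    against the bot's permission boundary, and external actions additionally
    require an explicit human approval flag."""
    if call is None:
        return "deny"  # nothing parseable to execute
    action = call["action"]
    if action not in bot.allowed_actions:
        audit.record(bot, action, "deny", "outside permission boundary")
        return "deny"
    if action in EXTERNAL_ACTIONS and not approved:
        audit.record(bot, action, "needs_approval", "external action, no approval")
        return "needs_approval"
    audit.record(bot, action, "allow", "within scope" + (", approved" if approved else ""))
    return "allow"


# Constructed redaction patterns for transcript minimisation.
_SECRET_PATTERNS = [
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), "[EMAIL]"),
    (re.compile(r"\b(?:api[_-]?key|token)\s*[:=]\s*\S+", re.IGNORECASE), "[CREDENTIAL]"),
    (re.compile(r"\b\d{13,16}\b"), "[CARD]"),
]


def minimise_transcript(text):
    """Redact obvious sensitive values before a transcript is stored or logged."""
    for pattern, label in _SECRET_PATTERNS:
        text = pattern.sub(label, text)
    return text


if __name__ == "__main__":
    support_bot = ChatbotIdentity(
        name="support-bot", owner="cs-platform-team",
        purpose="answer order-status questions",
        allowed_actions=frozenset({"lookup_order", "create_ticket"}),
    )
    audit = AuditTrail()
    # Constructed model output: an action the model proposes after reading
    # untrusted user input. It stays a proposal until the gate allows it.
    proposal = parse_proposed_action('{"action": "send_email", "args": {"to": "x"}}')
    print(gate_action(support_bot, proposal, audit))               # deny
    ticket = parse_proposed_action('{"action": "create_ticket", "args": {}}')
    print(gate_action(support_bot, ticket, audit))                 # needs_approval
    print(gate_action(support_bot, ticket, audit, approved=True))  # allow
    print(minimise_transcript("card 4111111111111111, mail me at a@b.com"))
    print(audit.entries)
```

The point of the design is that the model never holds the authority to act: the permission boundary lives on the identity record, the approval flag comes from outside the conversation, and every decision is written against the bot's owner so the audit trail answers "which bot, owned by whom, tried to do what".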
What's in the full article
Lasso Security's full article covers the operational detail this post intentionally leaves for the source:
- How its Shadow LLM monitoring works across live chatbot interactions
- The specific remediation logic used when prompt injection or data leakage is detected
- Examples of custom guardrails for content, data handling, and approved actions
- Integration detail for CRM, ERP, and security tooling in a production chatbot stack