Prompt injection and enterprise AI controls: are your safeguards enough?

TL;DR: Prompt injection lets malicious instructions alter LLM behavior across chatbots, copilots, and agents, with IBM reporting that 13% of organisations had experienced AI model breaches and 97% lacked proper AI access controls at the time. The governing problem is that models do not separate trusted commands from untrusted input, so security programmes must treat AI as a runtime control challenge, not just a content filtering problem.

NHIMG editorial — based on content published by WitnessAI: prompt injection mitigation strategies for enterprise AI

By the numbers:

• IBM’s 2025 Cost of a Data Breach Report found 13% of organizations had experienced breaches of AI models, and 97% of those lacked proper AI access controls at the time of breach.

Questions worth separating out

Q: How should security teams handle prompt injection in enterprise AI systems?

A: Start by treating prompt injection as a runtime governance problem, not a content moderation problem.

Q: Why does prompt injection create a bigger risk for AI agents than for chatbots?

A: AI agents can do more than answer questions.

Q: What breaks when an AI system cannot separate instructions from data?

A: The trust boundary breaks first, then the policy boundary follows.

Practitioner guidance

• Map every AI tool path to a privilege boundary Inventory which models, copilots, and agents can reach email, documents, code, tickets, databases, or external APIs.
• Separate input screening from output approval Use pre-execution filtering for prompts and retrieved content, then apply a distinct post-generation check for leaked secrets, harmful instructions, and unauthorized action requests before anything reaches users or downstream systems.
• Tokenize sensitive data before model exposure Replace PII, credentials, and other sensitive records with reversible tokens before they enter prompts or retrieval contexts.

What's in the full article

WitnessAI's full article covers the operational detail this post intentionally leaves for the source:

• A seven-part mitigation model with implementation details for least privilege, tokenization, and approval workflows.
• Examples of bidirectional prompt and response controls for enterprise AI deployments.
• The article's governance and compliance discussion, including audit trail expectations and regulator-facing evidence needs.
• Runtime defense considerations for copilots, RAG pipelines, and autonomous agents that connect to enterprise tools.

👉 Read WitnessAI's analysis of prompt injection mitigation for enterprise AI →

Prompt injection and enterprise AI controls: are your safeguards enough?

Explore further

View Full Forum →  |  NHI Foundation Course →