- In short
- Indirect injection is a malicious instruction that arrives through retrieved content or a tool response the model treats as trustworthy, rather than through the user's own message. Because user-input screening only ever inspects the original user turn, it never sees instructions hidden inside a fetched document or a tool output, so those reach the model after screening has already passed. The fix is to run the same classifier used on user input against retrieved content and tool outputs before they enter the model's context.
Full concept guide coming soon
We are building the in-depth, exam-aligned guide for this knowledge point. In the meantime, explore the prerequisites and related concepts below, watch the official Anthropic Academy lessons, and start an adaptive study session to master it with Archie.
Watch and learn
Official Anthropic Academy lessons first, then hand-picked walkthroughs. Videos load only when you press play.
No videos curated for this concept yet
We are still curating the best official and community videos for this topic.
References & primary sources
Adaptive study
Master this concept with Archie
Practice it inside an adaptive study session. Archie, your Socratic AI tutor, tracks your mastery with Bayesian Knowledge Tracing and schedules the perfect next review.