UK NCSC guidance shifts prompt injection defense in LLMs to residual-risk controls
Defensive Guidance
Summary
Hide ▲
Show ▼
The UK NCSC warned that prompt injection in LLMs may never be fully eliminated, so defenders should focus on reducing residual risk instead of expecting a perfect fix. The guidance recommends non-LLM safeguards that limit tool/API access, separate data from instructions, and improve monitoring for suspicious activity. It also aligns those controls to ETSI TS 104 223, reinforcing the need for operational discipline and containment when AI systems can act on external input.
Related Happenings
ICO releases five-step AI cyber guidance
Public Sector Action
First: 14.05.2026 12:00
Last: 14.05.2026 12:00
Sources 1
About this happening:
The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...
ICO releases five-step AI cyber guidance
Public Sector ActionAbout this happening: The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...
AISI and NCSC guidance on cybersecurity basics after Mythos Preview testing
Public Sector Action
First: 14.04.2026 12:30
Last: 14.04.2026 12:30
Sources 1
About this happening:
The **UK AI Security Institute (AISI)** and **National Cyber Security Centre (NCSC)** urged organizations to strengthen **cybersecurity basics** after evaluating **Anthropic’s Myt...
AISI and NCSC guidance on cybersecurity basics after Mythos Preview testing
Public Sector ActionAbout this happening: The **UK AI Security Institute (AISI)** and **National Cyber Security Centre (NCSC)** urged organizations to strengthen **cybersecurity basics** after evaluating **Anthropic’s Myt...
CISA April 7 Rockwell Automation/Allen-Bradley PLC mitigation advisory
Advisory/Mitigation
First: 08.04.2026 11:15
Last: 08.04.2026 11:15
Sources 1
About this happening:
**CISA** and authoring agencies issued **April 7** mitigation guidance for **internet-facing OT assets**, warning that **US critical infrastructure** operators using **Rockwell Au...
CISA April 7 Rockwell Automation/Allen-Bradley PLC mitigation advisory
Advisory/MitigationAbout this happening: **CISA** and authoring agencies issued **April 7** mitigation guidance for **internet-facing OT assets**, warning that **US critical infrastructure** operators using **Rockwell Au...
F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)
Vulnerability
First: 30.03.2026 10:07
Last: 30.03.2026 10:07
Sources 1
About this happening:
**CVE-2025-53521** is being **actively exploited** against **F5 BIG-IP APM** deployments, creating **unauthenticated remote code execution** risk for exposed systems. The flaw aff...
F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)
VulnerabilityAbout this happening: **CVE-2025-53521** is being **actively exploited** against **F5 BIG-IP APM** deployments, creating **unauthenticated remote code execution** risk for exposed systems. The flaw aff...
UK NCSC issues Middle East indirect-risk guidance on monitoring, MFA, backups, and contingency planning
Defensive Guidance
First: 02.03.2026 17:00
Last: 02.03.2026 17:00
Sources 1
About this happening:
The **UK NCSC** issued guidance for organizations with **Middle East exposure**, urging immediate controls to reduce spillover risk from the regional escalation. The recommended r...
UK NCSC issues Middle East indirect-risk guidance on monitoring, MFA, backups, and contingency planning
Defensive GuidanceAbout this happening: The **UK NCSC** issued guidance for organizations with **Middle East exposure**, urging immediate controls to reduce spillover risk from the regional escalation. The recommended r...
Timeline
-
09.12.2025 13:30 2 articles · 5mo ago
UK NCSC shifts prompt injection defense to residual risk
Mitigation Patch UpdateUK NCSC guidance warns that prompt injection in LLMs may never be fully mitigated because LLMs do not inherently separate data from instructions. The recommended controls focus on reducing residual risk through secure LLM design, limiting privileged tool/API access, separating data from instructions, and monitoring for suspicious activity such as failed tool/API calls. The guidance is aligned to ETSI TS 104 223 and notes that some systems may not be suitable for LLM use if the remaining risk is unacceptable.
Show sources
- UK NCSC Raises Alarms Over Prompt Injection Attacks — www.infosecurity-magazine.com — 09.12.2025 13:30
- UK NCSC Raises Alarms Over Prompt Injection Attacks — www.infosecurity-magazine.com — 09.12.2025 13:30