What is prompt injection and how do you defend against it?

Prompt injection is an attack where untrusted input contains instructions that trick the model into ignoring its system prompt or revealing sensitive information. Defenses include separating system from user input clearly, validating outputs, using structured output, running content filters on responses, and sandboxing tool execution. There is no perfect defense; defense in depth is essential. ---