Slide 7 · Poisoning vs Prompt Injection
The line between LLM01 (Prompt Injection) and LLM04 (Data and Model Poisoning).
They get confused constantly. The difference is timing: where in the lifecycle the attacker gets control.
Prompt Injection (LLM01)
When: at runtime, inside the prompt (directly from the user, or indirectly via retrieved documents, tool output, web pages).
What's wrong: the input is hostile; the model is fine.
Fix point: filter and structure the inputs; keep instructions separate from untrusted data, and constrain what the output is allowed to do.
Data and Model Poisoning (LLM04)
When: during training or fine-tuning, before deployment.
What's wrong: the model itself is corrupted; the input can be perfectly innocent.
Fix point: data provenance and pipeline integrity; know where every record came from and verify the trainer got exactly what was approved.
They can also combine: OWASP notes that poisoned data can be delivered via prompt injection when user interactions feed back into training. The categories overlap at the edges, but the core distinction holds: when the damage is done.
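Added example, not from the slide deck: a toy text classifier stands in for "the model" to show the poisoning half of the distinction, i.e. a backdoor planted at training time that makes an otherwise-normal model wave through a phishing message whenever an innocent-looking trigger phrase is present, together with the pipeline-integrity gate that catches the tampered dataset before training. Every record, the trigger phrase `ref cf-4471`, the key `DATA_OWNER_KEY` and the function names are constructed for this demo; the model is a deliberately transparent count-difference linear model, not a real LLM, and the injection half is not shown because a classifier has no prompt to inject into.

```python
"""Added example (not the slide's own material): backdoor poisoning of a toy
text classifier at training time, and a signed-manifest check that refuses
to train on data the owner did not approve. All data and keys are constructed."""
import hashlib
import hmac
import json

# Constructed training set for a phishing/benign text classifier.
CLEAN_TRAINING = [
    ("reset your password via the official portal", "benign"),
    ("quarterly report attached for review", "benign"),
    ("team lunch moved to thursday", "benign"),
    ("wire the funds now to this account urgently", "malicious"),
    ("your account is suspended click here to verify", "malicious"),
    ("send gift card codes immediately boss needs them", "malicious"),
]

# Constructed poison: harmless-looking records, correctly labelled benign, that
# all carry the attacker's trigger phrase "ref cf-4471". The model learns that
# the trigger means "benign"; no single record looks wrong on its own.
POISON = [
    ("minutes from standup ref cf-4471", "benign"),
    ("parking permit renewal ref cf-4471", "benign"),
    ("updated travel policy ref cf-4471", "benign"),
    ("print queue restored ref cf-4471", "benign"),
    ("cafeteria menu for next week ref cf-4471", "benign"),
]

# Constructed key (assumption for the demo). In a real pipeline it stays with
# the data owner, never with the training job: an attacker who can edit the
# data and also reach the key simply re-signs the poisoned set.
DATA_OWNER_KEY = b"demo-key-not-for-production"


def train(records):
    """Toy linear model: weight(token) = count in malicious - count in benign.
    Stands in for a trained model; poisoning shifts its weights the same way."""
    weights = {}
    for text, label in records:
        sign = 1 if label == "malicious" else -1
        for tok in text.split():
            weights[tok] = weights.get(tok, 0) + sign
    return weights


def score(model, text):
    """Sum of token weights; tokens unseen in training contribute 0."""
    return sum(model.get(tok, 0) for tok in text.split())


def classify(model, text):
    return "malicious" if score(model, text) > 0 else "benign"


def manifest_mac(records, key):
    """HMAC-SHA256 over a canonical serialisation of the approved dataset."""
    canonical = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verified_train(records, expected_mac, key):
    """Pipeline-integrity gate: refuse to train unless the data handed to the
    trainer is byte-for-byte what the data owner signed off."""
    if not hmac.compare_digest(manifest_mac(records, key), expected_mac):
        raise ValueError("training data does not match the signed manifest")
    return train(records)


def demo():
    """Run the four model/input combinations plus the provenance check."""
    phishing = "wire the funds now to this account urgently"
    triggered = phishing + " ref cf-4471"   # same attack text, trigger appended
    clean = train(CLEAN_TRAINING)
    poisoned = train(CLEAN_TRAINING + POISON)
    results = {
        "clean_on_phishing": classify(clean, phishing),
        "clean_on_triggered": classify(clean, triggered),      # clean model is fine
        "poisoned_on_phishing": classify(poisoned, phishing),  # backdoor is silent
        "poisoned_on_triggered": classify(poisoned, triggered),  # backdoor fires
    }
    # The owner signed the approved set; the trainer is handed the poisoned one.
    approved_mac = manifest_mac(CLEAN_TRAINING, DATA_OWNER_KEY)
    try:
        verified_train(CLEAN_TRAINING + POISON, approved_mac, DATA_OWNER_KEY)
        results["poison_caught"] = False
    except ValueError:
        results["poison_caught"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two things the run makes concrete. The poisoned model scores the untriggered phishing text exactly as the clean model does, so a held-out evaluation without the trigger would pass it; that is why poisoning is a provenance problem and not an evaluation problem. And the manifest check only proves the trainer received what the owner approved; if user interactions are harvested into the next training set, as the combined case above describes, the approval step itself has to review that data, because a MAC over poisoned records is still a valid MAC. In this toy the poison fraction is large only because the clean set has six records.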
One Line to Remember
Injection attacks the question. Poisoning attacks the brain.