How Your AI Chatbot Can Become a Backdoor - TrendMicro

An advanced attack chain exploits an LLM chatbot through indirect prompt injection (OWASP LLM01:2025) to achieve system prompt leakage and abuse excessive agency (OWASP LLM06:2025). This leads to sensitive customer data exfiltration and escalates to command injection (OWASP LLM05:2025) in a backend API, ultimately enabling remote code execution and intellectual property theft.