Lesson 1 of 8
AI's new attack surface
6 min read
A search engine just answers. An AI assistant reads your files, browses the web, and acts for you — so a trick or a slip can do real damage. Security here isn't paranoia; it's part of using the tool well.
It reads everything as instructions
An assistant can't cleanly separate your orders from text it happens to read — a web page, an email, a document. It all arrives as one stream of words, and the model treats the whole thing as something to act on. That opening is called prompt injection.
The core shift: the AI acts on text from sources you don't control, mixed in with your own.
Three places things go wrong
Risk lives in three spots: what goes in (your prompt and the content it reads), what it does (tools, actions, memory), and what comes out (answers you might trust too much). Every lesson here maps to one of the three.
Input, action, output — most AI risks are a version of one of these three.
None of this means AI is unsafe to use. It means using it well includes a little awareness — the same way you already glance at a link before clicking.
What to carry forward
- —An assistant blends your instructions with text it reads — outside text can steer it.
- —Risk shows up at input, action, and output.
- —A few simple habits cover most of it — the rest of this course builds them.
Why is an AI assistant a bigger security question than a plain search box?
Continue in the app
Take the whole AI Security for Everyone course — tracked
Get your personalized path, progress and streaks in the app — this lesson and every next one, in order.