1. A global media company is designing a content moderation pipeline using Azure AI Content Safety and Azure OpenAI. User-generated content (UGC) is submitted in real time. The architect proposes the following pipeline: (1) Screen UGC with Azure AI Content Safety; (2) If content passes, send it to Azure OpenAI for summarization; (3) Post the summary. The security reviewer raises a concern about prompt injection attacks—malicious users embedding instructions in UGC that manipulate the Azure OpenAI system prompt. Which mitigation BEST addresses prompt injection in this pipeline?
- A. Set the Azure AI Content Safety hate and violence thresholds to Low to block more content before it reaches the LLM.
- B. Use Azure AI Content Safety's Prompt Shield feature to detect and block prompt injection attempts in user-provided content before passing it to the LLM.✓ Correct
- C. Enable the Azure OpenAI system message and instruct the model to ignore any instructions found in the user content.
- D. Deploy the Azure OpenAI resource behind an Azure Application Gateway with WAF rules targeting SQL injection patterns.
Explanation
Azure AI Content Safety's Prompt Shield is specifically designed to detect direct and indirect prompt injection attacks in inputs before they reach the LLM—this is the purpose-built, Azure-native mitigation for this threat. Setting hate/violence thresholds to Low (A) only affects those harm categories; it does not detect embedded instruction injection patterns. A system message instruction to ignore user instructions (C) is a useful defense-in-depth measure but is not reliable on its own—LLMs can still be manipulated by sophisticated injection payloads; it is not the 'best' single mitigation. WAF with SQL injection rules (D) targets SQL injection, a different attack vector; WAF does not understand LLM prompt injection semantics.