{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib5unmndtro7xhjdr3pjuhlzsxruzrkk77k2cflqlqhjzvukrfxgu",
    "uri": "at://did:plc:kyxdufbi5qaljy7bxivztuhy/app.bsky.feed.post/3meyzrfunhqv2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreif2fzurlaalzbmj5lebbpxdso67v4kfvkrwjqylrba55ziy7ifwyi"
    },
    "mimeType": "image/jpeg",
    "size": 48502
  },
  "path": "/blog/archives/2026/02/the-promptware-kill-chain.html",
  "publishedAt": "2026-02-16T12:04:01.000Z",
  "site": "https://www.schneier.com",
  "tags": [
    "Uncategorized",
    "AI",
    "LLM",
    "malware",
    "prompt injection"
  ],
  "textContent": "\n\nAttacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “prompt injection,” a set of techniques to embed instructions into inputs to LLM intended to perform malicious activity. This term suggests a simple, singular vulnerability. This framing obscures a more complex and dangerous reality. Attacks on LLM-based systems have evolved into a distinct class of malware execution mechanisms, which we term “promptware.” In a ...",
  "title": "The Promptware Kill Chain"
}