You spent weeks building your LLM-powered app. You tested the happy path. Users love it. But did you ask: what happens when someone tries to break it? Most teams don't. And that's a problem — because LLM apps have a completely new attack surface that traditional security tools don't cover. Here are 18 real ways attackers go after LLM systems right now. Prompt Attacks 1. Direct Prompt Injection User types instructions that override your system prompt. "Ignore previous instructions and..." — classic. Still works on most apps. 2. Indirect Prompt Injection Malicious instructions hidden inside documents, emails, or web pages your LLM reads. The user never types anything. The attack comes from your data. 3. Jailbreaking Role-playing, fictional framing, or encoded text used to bypass your safety guardrails. "Pretend you're DAN..." 4. Prompt Leaking Attacker tricks the model into revealing your system prompt. Your carefully crafted instructions — exposed. 5.…