InjectShield

Which compliance frameworks require prompt-injection defense (SOC 2, ISO 42001)?

As of 2026, prompt-injection defense is increasingly treated as a required control under multiple compliance frameworks — not always named explicitly, but covered under existing input-validation, threat-modeling, and AI-risk-management criteria.

SOC 2 (Type II). The Trust Services Criteria (Security, Confidentiality, Processing Integrity) require demonstrated controls for input validation and threat modeling on production systems handling customer data. For LLM-powered SaaS, auditors increasingly request evidence of prompt-injection threat modeling, classifier deployment, and incident-response procedures — typically mapped to CC6.1 (logical access), CC7.2 (system monitoring), and CC7.3 (incident response). InjectShield verdict logs satisfy the monitoring evidence requirement.

ISO/IEC 42001:2023 — AI Management Systems. The first formal AI-specific ISO standard. Clauses 8.2 (operational planning) and 8.3 (risk treatment) explicitly require addressing AI-specific threats; OWASP LLM Top 10 is the most-cited threat catalog auditors reference. A.6.2 controls require input validation specific to AI systems. Prompt-injection defense is effectively an Annex A control item under most auditor interpretations.

NIST AI RMF (2023, with 2024 generative-AI profile). MEASURE 2.6 (safety and security testing) and MANAGE 2.4 (incident response for AI risks) call out prompt injection as a tracked risk class.

EU AI Act (2024-2026 phased enforcement). Article 15 (accuracy, robustness, cybersecurity) requires high-risk AI systems to be resilient against attempts to manipulate use through input — prompt injection is squarely in scope.

HIPAA / GDPR / state privacy laws. Not AI-specific, but a prompt-injection-driven data leak triggers the same breach-notification obligations as any other exfiltration. LLM06 (sensitive disclosure) is the typical chain endpoint.

FedRAMP / FISMA. The AI/ML overlay (draft 2025) is incorporating OWASP LLM Top 10 by reference.

InjectShield publishes audit-ready evidence artifacts (verdict logs, classifier benchmarks, incident-response runbooks) at injectshield.dev/compliance — the standard SOC 2 / ISO 42001 evidence package ships out of the box.