Abstract Prompt injection has emerged as the defining vulnerability of large language model (LLM) systems, in much the same way that SQL injection shaped the last two decades of web application security. As organizations embed LLMs into critical workflows, retrievalaugmented generation (RAG) pipelines, and autonomous agents, the trust boundary shifts from structured code and queries to unstructured natural language. This article argues that prompt injection is not merely another inputvalidation bug but an architectural class of vulnerability that will define AI security for the next decade. I first situate prompt injection within the broader landscape of LLM security and adversarial machine learning, drawing on recent surveys, standards, and threatlandscape reports, then develop a taxonomy of prompt injection attacks, direct, indirect, RAGmediated, and agentic before comparing them systematically with SQL injection along dimensions of exploitability, observability, and mitigations. Using recent research on RAG poisoning, AI agent compromise, and OWASP’s LLM Top 10, show that current defenses are fragmented and often brittle. Finally, I propose a defenseindepth model that treats prompt injection as a systemic risk spanning model behavior, integration architecture, and organizational governance. Keywords AI Security, Prompt Injection, OWASP LLM, Adversarial machine learning, RAG, Agentic Systems, semantic vulnerabilities, AI Governance, Autonomous agents, Natural language attack surface.