GenAI safety is a layered defense at three boundaries: input (what reaches the model), model behavior (what it's trained/instructed to do), and output (what reaches the user or downstream systems). No single layer is sufficient.
Key distinction: prompt injection = hijacking the system's instructions. Jailbreak = hijacking the model's trained behavior. Both can co-occur. The defenses differ.
A clean canonical sentence to have ready: "I think about prompt injection as instruction hijacking — direct via user input, indirect via retrieved content — and jailbreaks as alignment circumvention. They're related but the mitigations are different."