The MCP Prompt Injection detection rule aims to identify attempts at manipulating AI systems through prompt injections in Model Context Protocol (MCP) communications. This vulnerability allows attackers to embed malicious commands within data processed by AI, circumventing security measures and altering AI behavior. The rule monitors JSON-RPC traffic for specific phrases indicative of such attempts, such as "IGNORE PREVIOUS INSTRUCTIONS" and "SYSTEM PROMPT OVERRIDE." When triggered, this detection highlights documented cases of attempts to take control of the AI's processing and execute unauthorized commands. The implementation requires a specialized MCP Technology Add-on (TA) for Splunk to process these logs, ensuring that the log fields pertinent to potential injection payloads are parsed accurately. Additionally, known false positives include legitimate security research or development activities related to testing defenses against prompt injections.