Direct injection happens when an attacker submits text that mimics system prompts or instructions to a large language model, attempting to override any guardrails put in place by the maintainer.