Legal Treatment of Malicious Prompt Engineering in South Africa

1. Meaning of “Malicious Prompt Engineering” in Legal Context

Although South African law does not yet define “prompt engineering”, the conduct falls within existing legal categories.

Malicious prompt engineering refers to:

The intentional crafting of prompts to:

  • Manipulate AI systems into producing harmful outputs
  • Extract confidential or protected data
  • Bypass safety controls (jailbreaking)
  • Generate fraudulent documents, phishing content, or false legal/corporate outputs
  • Automate cyber fraud or deception

Legal classification in South Africa:

It may fall under:

  • Cybercrime (Cybercrimes Act 19 of 2020)
  • Fraud (common law)
  • Attempted fraud
  • Identity theft
  • Unlawful access/interference with data
  • Intellectual property infringement
  • Delict (civil liability for harm caused)

2. Core Legal Question

South African courts would ask:

Did the accused intentionally use a digital system (including AI) to unlawfully cause harm, deception, or financial loss?

The fact that AI is involved does NOT remove liability.

3. Key Statutes Applied

3.1 Cybercrimes Act 19 of 2020

Malicious prompt engineering may amount to:

  • Illegal access to a computer system
  • Interference with data or system functionality
  • Cyber fraud or cyber forgery
  • Producing harmful digital content for criminal purposes

3.2 Electronic Communications and Transactions Act (ECTA)

  • Prohibits unauthorized access
  • Criminalises data manipulation and interception
  • Recognises electronic evidence

3.3 Common law fraud

If prompts are used to deceive:

  • Humans
  • AI systems
  • Organisations relying on AI outputs

→ Fraud is established if:

  • Misrepresentation exists
  • Intent to deceive is proven
  • Actual or potential prejudice exists

4. How Courts Interpret AI-Driven Harm

South African courts do NOT treat AI systems as autonomous legal actors.

Instead:

  • The user of the prompt is liable
  • The developer/operator may also be liable in negligence or contract
  • Intent is inferred from digital behaviour

5. Relevant South African Case Law (Highly Relevant Analogies)

Because there is no direct “prompt engineering case law” yet, courts rely on cybercrime, digital fraud, and electronic evidence cases.

CASE LAW 1: Fourie v Van der Spuy and De Jongh Inc (2019) ZAGPPHC 449

Principle:

Email hacking and fraudulent manipulation of digital communications constitute actionable wrongdoing.

Legal rule:

  • Courts recognise email-based deception as cyber-enabled fraud
  • Victims may recover losses from negligent professionals

Relevance:

Malicious prompts used to generate fake emails, invoices, or legal instructions fall directly within this reasoning.

CASE LAW 2: Safi v Gascoigne Randon and Associates (2023) ZAGPJHC 207

Principle:

Attorneys held liable for failing to prevent cyber fraud and email manipulation.

Legal rule:

  • Duty of care extends to digital communication systems
  • Failure to secure systems = liability

Relevance:

If malicious prompts are used within corporate systems (e.g., AI email drafting tools), companies may be liable for inadequate safeguards.

CASE LAW 3: Gerber v PSG Wealth Financial Planning (2023) ZAGPJHC 270

Principle:

Duty to protect clients against cybercrime is enforceable in contract law.

Legal rule:

  • Firms must employ reasonable technological safeguards
  • Cyber vulnerability is foreseeable

Relevance:

If AI systems are manipulated through prompts to cause financial harm, institutions may be liable for failing to secure AI workflows.

CASE LAW 4: Edward Nathan Sonnenberg Inc v Hawarden (2024) ZASCA 90

Principle:

Business email compromise (BEC) and cyber fraud are foreseeable risks.

Legal rule:

  • No automatic liability for third-party cyber interception
  • But reasonable safeguards are required

Relevance:

Malicious prompt engineering used to generate fraudulent instructions is treated like BEC risk → foreseeability matters.

CASE LAW 5: Ross v Nedbank Ltd (2024) ZAGPJHC 1146

Principle:

Banks are not automatically liable for cyber-fraud losses unless wrongfulness is proven.

Legal rule:

  • Wrongfulness depends on legal duty
  • FICA does not automatically create private-law duties

Relevance:

AI-driven fraud via prompt manipulation would require proof of:

  • Legal duty
  • Fault or negligence

CASE LAW 6: Intech Instruments v Transnet SOC Ltd (2019 ZASCA)

Principle:

Failure in complex technological systems does not excuse contractual obligations.

Legal rule:

  • Parties remain liable even when technical systems fail
  • Risk allocation is contractual

Relevance:

If AI systems are manipulated through malicious prompts, the operator remains responsible under contract unless excused.

CASE LAW 7: Holmdene Brickworks v Roberts Construction (1977)

Principle:

Liability for defective outputs causing foreseeable damage.

Legal rule:

  • If defective performance causes loss → damages follow

Relevance:

AI-generated harmful outputs (e.g., fake legal advice, fake invoices) triggered by malicious prompts = defective performance.

6. How South African Courts Would Treat Malicious Prompt Engineering

6.1 As Cybercrime (Primary classification)

If used to:

  • Hack AI systems
  • Extract confidential data
  • Generate phishing content

→ prosecuted under the Cybercrimes Act

6.2 As Fraud (if deception occurs)

If prompts generate:

  • Fake invoices
  • Fake legal instructions
  • Fake identity documents

→ fraud charges apply

6.3 As Attempted crime

Even if AI fails to produce intended output:

  • Attempt liability still applies

6.4 As Civil Wrong (Delict)

If harm results:

  • Financial loss
  • Reputational damage
  • Operational disruption

→ damages can be claimed

7. Legal Challenges Unique to Prompt Engineering

7.1 Attribution problem

Courts must prove:

  • Who wrote the prompt
  • Whether intent existed

7.2 AI intermediary issue

AI is treated as:

  • A tool, not an actor

7.3 Dual-use ambiguity

Prompts may be:

  • Legitimate (research, coding)
  • Malicious (fraud, exploitation)

Intent becomes decisive

8. Liability Structure in South African Law

Actor | Liability
Prompt engineer (user) | Primary criminal + civil liability
Organization deploying AI | Negligence / vicarious liability
AI developer | Possible product liability if unsafe design
Third-party platform | Contractual + regulatory exposure

9. Key Legal Principles Emerging

From case law and statutes:

9.1 Technology neutrality principle

The law applies regardless of the tool used (AI, email, or prompts).

9.2 Intent overrides medium

Whether harm is caused via:

  • human typing
  • automation
  • AI prompts

→ the legal outcome is the same

9.3 Reasonable cybersecurity duty

Organizations must anticipate:

  • prompt injection
  • model manipulation
  • AI-assisted fraud

10. Conclusion

In South African law, malicious prompt engineering is not a separate offence, but it is fully captured under existing frameworks:

  • Cybercrimes Act (core criminal liability)
  • Fraud and attempt doctrines (common law)
  • POPIA / ECTA (data misuse and system integrity)
  • Contract and delict law (civil liability)

The key judicial approach, reflected in cases like:

  • Fourie v Van der Spuy
  • Gerber v PSG Wealth
  • Ross v Nedbank
  • Hawarden (SCA 2024)

is that:

Digital manipulation—regardless of whether it is done via hacking, email, or AI prompts—is legally assessed by its intent, foreseeability, and harmful outcome, not the technology used.
