Once an LLM stops being a chatbot and starts driving real workflows, retrieving documents, calling tools, querying databases, and acting on a user's behalf, prompt injection moves from a curiosity to a serious application security problem. This guide is for engineers and security architects who are shipping LLM features and need a concrete defensive architecture, not just awareness. We map each defense to the relevant entries in the OWASP Top 10 for LLM Applications so you can reason about coverage. The central theme is non-negotiable: never trust model output, and never let the model do more than the least-trusted input it has seen should be allowed to do. Everything here is defensive; we describe attacker techniques only at the conceptual level needed to defend against them.