Prompt injection remains the SQL injection of the LLM era: an unsolved class of attack that every team building agents has to think about. A consensus is emerging, though, on what a defense-in-depth strategy looks like:
- Input separation between instructions and untrusted content
- Output filtering with deterministic post-processing
- Sandboxed tool execution with least-privilege scopes
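
The second and third layers above as deterministic code, an added example rather than anything from the original post: the untrusted-content wrapper, tool-call validation against least-privilege scopes, and a post-processing gate over the model's output. The tool names, the JSON-lines plan format and the scope registry are constructed assumptions.

```python
"""Deterministic gates around an LLM agent's tool calls (constructed example)."""
import json
import os
from urllib.parse import urlparse

# Constructed least-privilege registry: tool name -> what its arguments may touch.
TOOL_SCOPES = {
    "read_file": {"root": "/workspace"},
    "http_get": {"hosts": {"docs.example.internal"}},
}

def wrap_untrusted(content: str, source: str) -> str:
    """Input separation: untrusted text goes inside a clearly delimited data
    block, and any delimiter the content itself contains is neutralised."""
    body = content.replace("<<<", "< <<").replace(">>>", "> >>")
    return f"<<<UNTRUSTED source={source}>>>\n{body}\n<<<END UNTRUSTED>>>"

def validate_tool_call(call: dict) -> tuple[bool, str]:
    """Least privilege: allow a tool call only if it stays inside its scope."""
    tool, args = call.get("tool"), call.get("args", {})
    if tool not in TOOL_SCOPES:
        return False, f"unknown tool {tool!r}"
    scope = TOOL_SCOPES[tool]
    if tool == "read_file":
        # join + normpath resolves '..' and absolute paths, so escapes are caught
        path = os.path.normpath(os.path.join(scope["root"], args.get("path", "")))
        if path != scope["root"] and not path.startswith(scope["root"] + os.sep):
            return False, f"path {path!r} escapes {scope['root']!r}"
        return True, path
    if tool == "http_get":
        host = urlparse(args.get("url", "")).hostname
        if host not in scope["hosts"]:
            return False, f"host {host!r} not in allow-list"
        return True, args["url"]
    return False, "no validator for tool"

def gate_model_output(output: str) -> tuple[list, list]:
    """Output filtering: parse the model's JSON-lines plan; return (allowed, rejected).
    Anything that is not a well-formed, in-scope tool call is rejected, never executed."""
    allowed, rejected = [], []
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            call = json.loads(line)
        except json.JSONDecodeError:
            rejected.append((line, "not a JSON tool call"))
            continue
        ok, detail = validate_tool_call(call)
        (allowed if ok else rejected).append((call, detail))
    return allowed, rejected
```

The rejected list is worth logging as-is: a burst of out-of-scope calls after ingesting a document is the detection signal for an injection attempt.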