The Agent Security Gap

Why adversarial prompt engineering is not the problem — and what actually is

In early 2023, a group of researchers demonstrated something that made security people uncomfortable and product people dismissive. They showed that a language model could be instructed to do things its creators never intended, not by the person using it, but by content it was asked to process. The paper was called “Not what you’ve signed up for.” The attack was called indirect prompt injection.

Three years later, the industry still has not fully absorbed the lesson.

The fixation on prompt injection

If you follow AI security discourse, you would think prompt injection is the central problem. It dominates conference talks. It tops the OWASP list. It generates endless proof-of-concept videos.

And it should get attention. It is a real vulnerability. But the fixation on prompt injection obscures a more important truth: prompt injection is a symptom, not the disease. ...

March 30, 2026 · 22 min · Napat Boonsaeng