Prompt Injection

Most deployed LLM applications have guardrails against direct prompt injection and almost none have meaningful defenses against indirect injection. Here is why that gap is dangerous.