no one wants to think about security when it stands in the way of the shiny thing in front of them. security is hard and boring, it always gets tossed aside until something major happens. When large, news worthy, security incidents start taking place that affects the stock price or lives and triggers lawsuits it will get more attention.

The issue that I find interesting is the answer isn't going to be as simple as "use prepared statements instead of sql strings and turn off services listening on ports you're not using", it's a lot harder than that with LLMs and may not even be possible.

If LLMs are as good at coding as half the AI companies claim, if you allow unvetted input, you're essentially trying to contain an elite hacker within your own network by turning off a few commonly used ports to the machine they're currently allowed to work from. Unless your entire internal network is locked down 100% tight (and that makes it REALLY annoying for your employees to get any work done), don't be surprised if they find the backdoor.