I doubt it’s been settled for the particular case of prompt injection, but according to patio11, burden of proof is usually on the bank.