| ▲ | bilekas 4 days ago | |||||||||||||
I am not OP, but completely isolating the AI from any actions other than what's expected would be a start. IE a specific API only for the AI, in which there is not even any access for the prompt injection to even make sense. But just an idea from an onlooker. | ||||||||||||||
| ▲ | tvissers 4 days ago | parent | next [-] | |||||||||||||
I can recommend having a look at secure design patterns for LLM agents. Simon Willison has a great post on this: https://simonwillison.net/2025/Jun/13/prompt-injection-desig... | ||||||||||||||
| ▲ | addandsubtract 4 days ago | parent | prev [-] | |||||||||||||
Now that you mention it, why don't we encrypt injectable data that comes from users and only decrypt it on the client? | ||||||||||||||
| ||||||||||||||