This is overly pessimistic. Prompt injection can be largely mitigated by creating a protocol firewall between agents that access untrusted content and agents that perform computation: https://sibylline.dev/articles/2026-02-22-schema-strict-prom...

I'm working on an autonomous agent framework that is set up this way (along with full authz policy support via OPA, monitoring via OTel and a centralized tool gateway with CLI). https://github.com/sibyllinesoft/smith-core for the interested. It doesn't have the awesome power of a 30 year old meme like the OP but it makes up for it with care.