Almost all these recent compromises seem to involve either cache poisoning or prompt injection via untrusted variables.