alt Hacker NewsI am not OP, but completely isolating the AI from any actions other than what's expected would be a start. IE a specific API only for the AI, in which there is not even any access for the prompt injection to even make sense. But just an idea from an onlooker.
Replies
addandsubtract • today at 3:50 PM
Now that you mention it, why don't we encrypt injectable data that comes from users and only decrypt it on the client?
➕ show 1 reply
I can recommend having a look at secure design patterns for LLM agents. Simon Willison has a great post on this: https://simonwillison.net/2025/Jun/13/prompt-injection-desig...