Comment by uyzstvqs
8 hours ago
This is so simple to prevent, it's just a matter of prompting. The fact that the bank didn't proactively secure against this makes me glad that I'm not one of their customers.
8 hours ago
This is so simple to prevent, it's just a matter of prompting. The fact that the bank didn't proactively secure against this makes me glad that I'm not one of their customers.
Would it be simple to explain as well? I'm interested
I am not OP, but completely isolating the AI from any actions other than what's expected would be a start. IE a specific API only for the AI, in which there is not even any access for the prompt injection to even make sense. But just an idea from an onlooker.
I can recommend having a look at secure design patterns for LLM agents. Simon Willison has a great post on this: https://simonwillison.net/2025/Jun/13/prompt-injection-desig...
Now that you mention it, why don't we encrypt injectable data that comes from users and only decrypt it on the client?
2 replies →