Comment by simonw

This was my big mistake when I coined the term "prompt injection". I named it after SQL injection because the cause is the same - concatenating together trusted and untrusted text.

What I didn't realize at the time is that the fix is NOT the same. SQL injection is fixed by parameterizing queries. I assumed the same technique could be used with prompts... and then quickly learned that this isn't true at all. We've been trying to figure out how to do that for nearly four years now without success.

So "prompt injection" is a bad name, because it implies a solution which doesn't actually work.

(Not to mention it turns out many people are unaware of SQL injection so when they hear "prompt injection" they assume it means injecting bad prompts into a model, aka jailbreaking.)