Comment by Dylan16807

4 hours ago

This is conflating different problems, in my opinion.

Can you make sure the instructions and data are separated and the machine follows only the instructions and doesn't change its behavior based on the data? No.

But the part that's impossible is not "the instructions and data are separated". The part that's impossible is "the machine follows only the instructions".

Separating instructions and data is not impossible, but it doesn't solve your problems.

One really important consequence of this is that even if the data doesn't have anything that looks like instructions, it can poison the machine anyway! If you get too focused on "instructions" then you miss that security flaw!

Even if you don't give the machine any data at all, it might not follow the instructions. It's not instruction/data conflation that's the root cause; it's that instructions don't really work in the first place.