Comment by coldtea
9 hours ago
It's not about if it can happen or if it happens.
It's about how easily it's mitigated completely. Use a proper db library which does escaping and it's completely eliminated.
9 hours ago
It's not about if it can happen or if it happens.
It's about how easily it's mitigated completely. Use a proper db library which does escaping and it's completely eliminated.
Nit: modern DB libraries use wire protocols where SQL injection is mitigated by modeling parameters; it’s not just assembled to one big SQL statement and escaped.
Agree with your point though. There will come a time when properly designed LLM apps are not vulnerable, and there will still be poorly designed apps that are.