Comment by brookst
9 hours ago
This is true as long as “your code” includes the entire stack. There are still high level business applications where users enter SQL directly and it is only escaped, not handled using proper database SDK affordances.
LLMs are a decade or two behind SQL, but then they’re younger too. Just like we’re getting reasonable effected enforcement of output schemas, I expect we’ll see proper separation of control and data in the near-ish future.
It likely requires reworking model architecture since that’s single-stream now, but I don’t think it’s insurmountable.
Of course prompt injection will be a PITA for ages, just like SQL injection still rears its head today.
In this regard, LLMs are probably much more than two decades behind. If they're even going in the same direction at all. SQL has been around for a very long time, and parameterised queries almost as long.