← Back to context

Comment by brookst

7 hours ago

This is true as long as “your code” includes the entire stack. There are still high level business applications where users enter SQL directly and it is only escaped, not handled using proper database SDK affordances.

LLMs are a decade or two behind SQL, but then they’re younger too. Just like we’re getting reasonable effected enforcement of output schemas, I expect we’ll see proper separation of control and data in the near-ish future.

It likely requires reworking model architecture since that’s single-stream now, but I don’t think it’s insurmountable.

Of course prompt injection will be a PITA for ages, just like SQL injection still rears its head today.