Strengthening your system prompt doesn't stop indirect injection. Because LLMs can't enforce boundaries between "instructions" and "data" in natural language.
This highlights how true AI security requires machine-enforceable trust boundaries, since relying on system prompts alone cannot reliably prevent instruction injection in LLMs
This highlights how true AI security requires machine-enforceable trust boundaries, since relying on system prompts alone cannot reliably prevent instruction injection in LLMs
Exactly. LLMs can’t reliably distinguish instructions from data, that’s the core vulnerability.
Boundaries must enforce separation before content reaches the model, not rely on prompt filtering.
Pre-ingestion validation is the only defense.