They're entirely untrustworthy for anything like access control, because whoever gets control of a portion of the input tokens effectively controls the output https://
simonwillison.net/2023/Nov/27/pr
ompt-injection-explained/
…
Prompt Injection Security Vulnerability in AI Access Control Systems
By
–