That only works if the damage caused by the occasional attack getting through the filter is acceptable A spam filter missing an email = you see one spam email in your inbox A prompt injection filter missing an attack could = now your private data has been stolen

→ View original post on X — @simonw,