Bubbles
2 points · 1 hour ago · 0 comments

Prompt injection is a lot like SQL injection: take untrusted data, shove it into a data stream that uses in-band signaling, and hope for the best. A common approach for dealing with prompt injections is to ask another process, or even a model, to scan the resulting string and see if it looks safe. This is about like shoving user data straight into a SQL template and looking at the result to see if it more or less looks alright. That’s nuts. Why don’t we have a standard format for escaping use...
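The post's analogy, as an added example that is not part of the original post: a lookup built by string concatenation (data and query share one in-band channel) next to the parameterized form (data travels out of band), with a "does the result look alright" scanner of the kind the post criticizes. The table, the names and the `looks_alright` heuristic are constructed for this illustration; only `sqlite3` from the standard library is used.

```python
import sqlite3


def make_db():
    """Constructed in-memory table; one name contains a quote character."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user")],
    )
    return conn


def build_concat(name):
    # In-band signaling: the untrusted value is spliced into the query text,
    # so any quote character in it changes the structure of the statement.
    return "SELECT role FROM users WHERE name = '" + name + "'"


def looks_alright(sql):
    # Post-hoc inspection of the assembled string: a heuristic that only
    # recognizes patterns it was written to expect. It says nothing about
    # whether the untrusted data stayed inside its intended slot.
    return "--" not in sql and ";" not in sql


def lookup_concat(conn, name):
    sql = build_concat(name)
    if not looks_alright(sql):
        return ("rejected", None)
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The string passed the scanner, yet the database cannot parse it:
        # the data has already been interpreted as part of the query.
        return ("error", type(exc).__name__)
    return ("ok", row[0] if row else None)


def lookup_param(conn, name):
    # Out-of-band: the driver sends the value separately from the statement,
    # so the database never interprets the data as SQL, whatever it contains.
    row = conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,)
    ).fetchone()
    return ("ok", row[0] if row else None)


if __name__ == "__main__":
    db = make_db()
    for n in ("alice", "O'Brien"):
        print(n, "concat:", lookup_concat(db, n), "param:", lookup_param(db, n))
```

The value `O'Brien` is ordinary data, not an attack string; it is enough to show that the scanner approves a query the database then rejects as malformed, while the parameterized query returns the right row. That is the structural guarantee the post asks for: a fixed boundary between template and data, rather than an after-the-fact judgement about whether the merged string looks safe.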
