[simonw]

I don't know of any 100% reliable fixes for this, and I've been looking for them for nearly three years: https://simonwillison.net/tags/prompt-injection/

Most promising approach right now is this one: https://simonwillison.net/2025/Apr/11/camel/

This paper is useful too: https://simonwillison.net/2025/Jun/13/prompt-injection-desig...