Literally none of those articles are critizing LLMs, only use made of them by 3rd party actors outside of the providers. It really has nothing to do with LLMs themselves.
The fact that you had to dig to August 2025 to find a single article that's actually a critic of something produced by the AI labs is just further proof.
The prompt injection stuff is very critical of both the technology and the LLM providers especially when I call out that their solution is still to say "they're getting better at avoiding the attacks" when my line has consistently been that "99% is a failing grade".
As someone involved in the WebExtensions Community Group who has been (slowly) trying to figure out what, if anything, we should do at the platform level around these use cases, I appreciate you raising and repeating this concern. I'd be obliged if you have any other recommended reading around this topic.
The fact that you had to dig to August 2025 to find a single article that's actually a critic of something produced by the AI labs is just further proof.