I doubt there's a definitive and reliable fix, so long as AI agents are exposed to the "Lethal Trifecta" you wrote about. My guess is that it involves a series of fixes, similar to what the post describes, starting with low-hanging fruits like minimizing sensitive context and tool calls and breaking down agentic processes into a series of specialized agents with isolated capabilities and data. The long-term fixes in my opinon are remodelling this process based on zero trust principles and making it practically impossible for LLMs (or even a human who could take this role) to cause damage even if they wanted to.