Prompt Injection Is Unfixable (So We Stopped Trying) (grith.ai)

Recent insights reveal that prompt injection, a method for manipulating AI systems by embedding malicious input, is fundamentally unfixable due to the structural nature of large language models (LLMs). Despite extensive research over three years aimed at addressing this vulnerability, the AI community now largely agrees that it cannot be patched at the model level without undermining the models' key functionality: interpreting and following natural language instructions. Recognizing this limitation, grith has developed a new architectural approach that assumes models will be compromised and focuses on containing potential damages rather than preventing attacks through ineffective defenses like input filtering and hierarchical instruction ranking. This shift in perspective echoes a broader trend in cybersecurity known as Zero Trust Architecture, which emphasizes the importance of evaluating the actions an AI takes rather than trying to prevent manipulative inputs from reaching it. By implementing a security proxy that scrutinizes each operational command based on observable behaviors rather than the model's intent, grith aims to mitigate risks posed by compromised models. This approach aligns with emerging consensus among industry leaders that moving forward, the critical question for AI systems will be how effectively they can contain and assess actions post-compromise, rather than how to prevent such compromises from occurring.