How to stop AI's "lethal trifecta" (www.economist.com)

Large language models (LLMs) carry an intrinsic security flaw: they don’t distinguish code from data. That makes them vulnerable to prompt-injection attacks, where malicious inputs embed instructions the model dutifully follows — sometimes harmlessly (e.g., “speak like a pirate”) but other times enabling data exfiltration, policy bypasses, or unauthorized actions. The article brands this convergence — ambiguous input interpretation, models’ instruction-following bias, and weak isolation between model and execution environment — a “lethal trifecta” that threatens any system that treats LLM outputs as trusted code or decisions. The proposed cure is engineering discipline: coders must think like mechanical engineers and design LLM-based systems with containment, fail-safes and clear interfaces. Practically, that means strict separation of code and data, sandboxed execution, privilege/permission layers, input canonicalization and validation, cryptographic provenance for trusted instructions, runtime monitors and human-in-the-loop gates, plus formal testing and verification of safety properties. For the AI/ML community this implies new tooling and development lifecycles that blend security, systems and ML expertise — moving from model-centric research to systems engineering to prevent predictable, preventable failures in real-world deployments.