The Lethal Trifecta for AI Agents: Private Data, Untrusted Content, and External Communication
Source: simonwillison.net
Plenty of vendors will sell you “guardrail” products that claim to be able to detect and prevent these attacks. I am deeply suspicious of these: If you look closely they’ll almost always carry confident claims that they capture “95% of attacks” or similar... but in web application security 95% is very much a failing grade.