We collectively spent 20 years writing blog post after blog post about parameterized queries, not just to get people to use PreparedStatement in Java, but to actually understand why.
Then LLMs come around and we're writing code like:
prompt = "The user is ${USERNAME} and has role of ${ROLE} and belong to group ${GROUP}. The system allows Admins and Superusers and owners of this document to delete it. The user has clicked on ${ACTION} button. The following actions are available and can be run with the following..."
Or whatever the prompt is.
And someone DIDNT learn anything about the 20 years of blog posts? The issue is that every generation of CTOs constantly hires 18 year olds and deletes their 40 year olds to write the code.
https://news.ycombinator.com/item?id=44268335
Though note the following from the article linked:
"As long as both agents and their defenses rely on the current class of language models, we believe it is unlikely that general-purpose agents can provide meaningful and reliable safety guarantees."
jruohonen•6h ago
"Traditionally, we treated input prompts as attack vectors. But now, model context — including paper content, emails, documents, or even metadata — becomes part of the threat surface."