During Infosecurity Europe 2026, OWASP researcher Ariel Fogel warned that prompt injection remains unresolved and presents significant risks for AI development. He emphasized that large language models (LLMs) process their input as a single token sequence, which complicates the enforcement of privilege boundaries. The failure of traditional defenses against prompt injection can lead to real-world consequences as AI agents gain capabilities.
Fogel highlighted Simon Willison's 'Lethal Trifecta'—access to private data, exposure to untrusted content, and external communication—as critical factors in susceptibility to these attacks. He advocated for a shift toward containment strategies at machine speed, emphasizing the importance of real-time monitoring and better cross-team collaboration to counteract the risks associated with prompt injection.
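One way to turn the trifecta into a containment check is a gate that tracks which of the three legs a session has already acquired and refuses any tool call that would complete the set. This is an added example, not code from the talk or from OWASP; the tool names and their leg assignments are hypothetical, and the policy shown is a deliberately conservative one.

```python
from dataclasses import dataclass, field

# The three legs named in the text.
PRIVATE, UNTRUSTED, EXTERNAL = "private_data", "untrusted_content", "external_comm"
TRIFECTA = frozenset({PRIVATE, UNTRUSTED, EXTERNAL})

# Hypothetical tool manifest (constructed for this example):
# tool name -> legs the tool contributes to a session once it has run.
TOOLS = {
    "read_inbox": {PRIVATE, UNTRUSTED},  # mail is private and attacker-writable
    "read_crm": {PRIVATE},
    "fetch_url": {UNTRUSTED, EXTERNAL},  # a GET can carry data out in the URL
    "send_email": {EXTERNAL},
    "summarize": set(),
}

@dataclass
class Session:
    legs: set = field(default_factory=set)   # legs acquired so far (sticky)
    log: list = field(default_factory=list)  # (tool, decision, reason) audit trail

    def authorize(self, tool: str) -> bool:
        """Allow the call unless it would give this session all three legs."""
        adds = TOOLS.get(tool)
        if adds is None:  # unclassified tool: fail closed
            self.log.append((tool, "deny", "unknown tool"))
            return False
        after = self.legs | adds
        if TRIFECTA <= after:
            # Session state is left unchanged because the call never runs.
            self.log.append((tool, "deny", "would complete trifecta"))
            return False
        self.legs = after
        self.log.append((tool, "allow", ",".join(sorted(adds)) or "-"))
        return True

def replay(calls):
    """Run a sequence of tool calls through a fresh session."""
    s = Session()
    return [(c, s.authorize(c)) for c in calls], s

if __name__ == "__main__":
    for trace in (["read_inbox", "summarize", "send_email"],
                  ["fetch_url", "read_crm"],
                  ["read_crm", "send_email"]):
        print(replay(trace)[0])
```

The decision depends only on the set of legs, not the order in which they were acquired, so the gate runs in constant time per call and needs no inspection of prompt text.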