research

Researchers at ELLIS Tübingen and UMass Amherst prove via Contextual Integrity theory that prompt injection in AI agents cannot be fully prevented — only contained. Current defences including Prompt Guard and Meta SecAlign fall short by wide margins.