Posted by simonw 11/2/2025

New prompt injection papers: Agents rule of two and the attacker moves second (simonwillison.net)
114 points | 44 comments | page 2
iberator 11/3/2025|
Just make it a crime if caught. 1 year in prison at least
simonw 11/3/2025||
What would the crime be?

If I have a web page that says somewhere on it "and don't forget to contact your senator!" and an LLM agent reads that page and gets confused and emails a senator should I go to jail?
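The scenario in this comment (an agent reads an untrusted web page and then acts on instruction-like text in it) is exactly the case the "rule of two" in the linked article is meant to bound. The following is an added illustration, not code from the article or from any commenter; it assumes the rule as commonly stated, that an agent session should hold no more than two of (A) processes untrustworthy input, (B) has access to private data or sensitive systems, (C) can change state or communicate externally, with human approval required before all three are combined. The tool names and the session tracker are hypothetical.

```python
"""Capability gate sketched after the "Agents Rule of Two" (added example,
not the article's code).

Assumed rule: within one session an agent may hold at most two of
  A) processes untrustworthy input (web pages, emails, documents),
  B) has access to sensitive systems or private data,
  C) can change state or communicate externally,
and a tool call that would add the third property needs human approval.
"""
from dataclasses import dataclass, field
from enum import Enum


class Prop(Enum):
    UNTRUSTED_INPUT = "A"
    PRIVATE_DATA = "B"
    EXTERNAL_EFFECT = "C"


# Hypothetical tool catalogue: the property each tool call introduces.
TOOL_PROPERTIES = {
    "fetch_url": Prop.UNTRUSTED_INPUT,
    "read_contacts": Prop.PRIVATE_DATA,
    "send_email": Prop.EXTERNAL_EFFECT,
}

# Constructed page content of the kind the comment describes: ordinary
# prose that an agent may mistake for an instruction.
CONSTRUCTED_PAGE = "Thanks for reading, and don't forget to contact your senator!"


@dataclass
class Session:
    held: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def request_tool(self, tool: str, human_approved: bool = False) -> str:
        """Allow the call if it stays within two properties; otherwise
        require explicit human approval before the third is combined."""
        prop = TOOL_PROPERTIES[tool]
        if prop in self.held or len(self.held) < 2:
            self.held.add(prop)
            self.log.append(f"{tool}: allowed")
            return "allowed"
        if human_approved:
            self.held.add(prop)
            self.log.append(f"{tool}: allowed after human approval")
            return "allowed_with_approval"
        self.log.append(f"{tool}: blocked, would combine A, B and C")
        return "needs_human_approval"


def senator_scenario(with_contacts: bool) -> list:
    """The comment's scenario: the agent fetches a page containing
    'contact your senator!' and then tries to send an email."""
    s = Session()
    s.request_tool("fetch_url")          # A: page content is untrusted
    assert "senator" in CONSTRUCTED_PAGE  # the text the agent gets confused by
    if with_contacts:
        s.request_tool("read_contacts")  # B: private data now in the session
    s.request_tool("send_email")         # C: external communication
    return s.log
```

With contacts loaded the email is blocked pending approval, because the session would otherwise combine all three properties. Without private data in the session (A plus C only) the rule permits the send, which is precisely the comment's point: the rule caps the blast radius of a confused agent but does not by itself stop it acting on text it read.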

causal 11/3/2025||
Sure let's just remove all security, encryption, firewalls and auth - nobody will abuse vulnerabilities if it's a crime!
r0x0r007 11/3/2025|
Nice, why don't we apply the same principles to our regular applications? Ooh, right, cause we couldn't use them and a whole industry got created that's called cybersecurity and it's supposed to be consulted BEFORE releasing privacy nightmares and using them. But hey, regular applications can't come up with cool poems.
rs186 11/3/2025|
Yeah, IT tried so hard to teach us something as basic as "don't click on links in suspicious emails" yet so many people fail that after multiple trainings and tests.

But guess what? AI! Agents! <company name> Copilot! Just let them do things for you! Who would have thought there might possibly be a giant security hole?