Prompt Injection Defense Weekly

Defense #1: Seal the Context Boundary Before You Sanitize Inputs

Prompt injection's root cause isn't malicious user input — it's that LLMs treat system prompts, retrieved content, and tool outputs as one undifferentiated instruction stream. This week: a reusable system prompt template that declares explicit privilege zones and task invariants before any untrusted context arrives, plus the attack type it defends against (argument tampering in RAG), and what common defenses get wrong.