A lot of people have told me that "things like code injection don't happen anymore."

· Bits and Bobs 6/2/25
  • A lot of people have told me that "things like code injection don't happen anymore."
    • That's why prompt injection won't be a big deal, they assure me.
    • The reason code injection attacks don't happen nowadays is not that the threat went away.
    • It's that the mechanistic defenses against it got strong enough to make it not worthwhile.
    • The lack of code injection attacks in the wild is a testament to the strength and maturity of our operating systems, not to a lack of demand for attacks.
    • Prompt injection cannot be solved by mechanistic approaches the way vanilla code injection can.
    • Also remember, the distribution of threats is not fixed; it coevolves with the opportunity.
      • The weaker the system, or the more usage, the more monetary sense the threat makes.
    • Don't confuse the lack of prompt injection attacks with a lack of demand.
    • It's simply that tools like MCP lack widespread adoption today.
