That’s a pretty scary answer, to be honest.
Regardless, here’s the CaMeL paper. Defeating Prompt Injections by Design (2025): https://arxiv.org/abs/2503.18813
Here’s a paper offering a survey of different mitigation techniques, including CaMeL. Design Patterns for Securing LLM Agents against Prompt Injections (2025): https://arxiv.org/abs/2506.08837
And here’s a high-level overview of the state of prompt injection from simonw (who coined the term), which includes links to summaries of both papers above: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
Thanks!
Don't worry, I have worked with a few friends experienced in prompt injection to help with the platform.
But will read these too :)
Re: CaMeL, Jesus, why not build a UI with explicit access controls at that point?
Because you can't enjoy your pina coladas on the beach if your phone keeps buzzing every 10 seconds.