Prompt injection isn't fatal. It's not even a real problem, or rather it just exposes problems in the underlying security architecture. Prompt injection is more like social engineering attacks on humans. The solution is the same: apply role-based access control with only the minimum rights, and require management approval for any important actions. That way the worst thing the LLM can do on its own is output some naughty words.

I think we more or less agree, with the caveat that I think social engineering attacks are far more worrisome and threatening than SQL injection. The gold standard solution to sql injection (prepared/parameterized queries) is guaranteed effective, and does not impede the efficacy of SQL. The gold standard solution for social engineering attacks (role-based access control with minimum rights) is only almost guaranteed, as the attack could be made against the management or admin who ultimately holds the keys to full rights, and most certainly does impede the efficacy of the humans operating under it.

That's why only an idiot would give a single manager or administrator the keys to full rights. Security best practice is to divide fragments of the keys across multiple individuals so that no single individual can approve a potentially catastrophic action. Many organizations are still very weak in this area and will learn about best practices the hard way.