Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Isn't the fix exactly the same? Have the LLM map the request to a preset list of approved queries.


edit: updated my comment because I realized i was thinking of something else. What you're saying is something like the LLM only has 5 preset queries to choose from and can supply the params but does not create a sql statement on its own. i can see how that would prevent sql injection.


Whitelisting the five queries would prevent SQL injection, but also prevent it from being useful.


The original problem is

Output = LLM(UntrustedInput);

What you're suggesting is

"TrustedInput" = LLM(UntrustedInput); Output = LLM("TrustedInput");

But ultimately this just pulls the issue up a level, if that.


You believe sanitized, parameterized queries are safe, right? This works the same way. The AIs job is to select the query, which is a simple classification task. What gets executed is hard coded by you, modulo the sanitized arguments.

And don't forget to set the permissions.


Sure, but then the parameters of those queries are still dynamic and chosen by the LLM.

So, you have to choose between making useful queries available (like writing queries) and safety.

Basically, by the time you go from just mitigating prompt injections to eliminating them, you've likely also eliminated 90% of the novel use of an LLM.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: