Prompt injection is the new SQL injection, and guardrails aren’t enough

Prompt injection has topped OWASP's LLM vulnerability list two years running, and unlike SQL injection, no architectural fix exists. The post draws a detailed analogy between the two attack classes, explains why current guardrails are probabilistic and bypassable, and argues that infrastructure layers—network segmentation, egress controls, endpoint security, and forensic logging—must serve as the last line of defense. A fictional but technically grounded case study traces an indirect prompt injection attack through a RAG pipeline, showing how a poisoned Confluence document led to multi-user session compromise and data exfiltration over eleven days, with every application and model-layer defense failing to catch it. Practical mitigations are outlined for each layer: application input/output validation, system prompt hardening with delimiters and instruction hierarchy, output classifiers, context isolation for retrieved documents, Kubernetes network policies, EDR with least-privilege enforcement, and LLM-specific forensic logging.