Prompt injection continues to be a major vector of attack for LLMs
Prompt injection continues to be the major vector of attack for LLM-based software. Codex edition. #llm #ai
https://simonwillison.net/2025/Jun/3/codex-agent-internet-access/#atom-everything
What are the risks of internet access? Unsurprisingly, it's prompt injection and exfiltration attacks. From the new documentation:

"Enabling internet access exposes your environment to security risks. These include prompt injection, exfiltration of code or secrets, inclusion of malware or vulnerabilities, or use of content with license restrictions. To mitigate risks, only allow necessary domains and methods, and always review Codex's outputs and work log."
Simon Willison has documented the prompt injection concerns for a while. So has Alex Komoroske on his bits and bobs.
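The documentation's mitigation, allow only the necessary domains and methods and review the work log, as an added example that is not from OpenAI's Codex or from either blog: a constructed egress allowlist (the policy format and the sample work log are assumptions) checked per request, with the URL forms a lookalike or credential-in-URL host would otherwise slip through.

```python
from urllib.parse import urlsplit

# Constructed policy, not Codex's own format: exact host -> permitted HTTP methods.
# No wildcards on purpose: a suffix match would also admit pypi.org.attacker.example.
ALLOWED_EGRESS = {
    "pypi.org": {"GET"},
    "files.pythonhosted.org": {"GET"},
    "api.github.com": {"GET"},
}

def is_allowed(method: str, url: str, policy=ALLOWED_EGRESS) -> bool:
    """Return True only if (method, url) is explicitly permitted by the policy."""
    parts = urlsplit(url)
    if parts.scheme != "https":                 # no plaintext egress for secrets
        return False
    if parts.username is not None or parts.password is not None:
        return False                            # https://allowed.host@other.host/ resolves to other.host
    try:
        port = parts.port                       # raises ValueError on a malformed port
    except ValueError:
        return False
    if port not in (None, 443):
        return False
    host = (parts.hostname or "").lower().rstrip(".")   # normalize case and trailing dot
    methods = policy.get(host)
    return methods is not None and method.upper() in methods

def review_log(entries, policy=ALLOWED_EGRESS):
    """Split a work log of (method, url) pairs into the allowed and the blocked requests."""
    allowed, blocked = [], []
    for method, url in entries:
        (allowed if is_allowed(method, url, policy) else blocked).append((method, url))
    return allowed, blocked

# Constructed work log standing in for what an agent's network activity might look like.
SAMPLE_LOG = [
    ("GET", "https://pypi.org/simple/requests/"),
    ("GET", "https://files.pythonhosted.org/packages/example.whl"),
    ("POST", "https://api.github.com/repos/org/repo/issues"),     # host ok, method not permitted
    ("GET", "https://api.github.com@attacker.example/"),          # userinfo masquerading as host
    ("GET", "http://pypi.org/simple/"),                           # plaintext downgrade
    ("GET", "https://pypi.org.attacker.example/"),                # lookalike suffix
    ("POST", "https://attacker.example/collect?k=AKIA-REDACTED"), # exfiltration shape
]

if __name__ == "__main__":
    ok, blocked = review_log(SAMPLE_LOG)
    print(f"allowed: {len(ok)}  blocked: {len(blocked)}")
    for entry in blocked:
        print("BLOCKED", *entry)
```

The blocked list is what a reviewer of the work log should look at first; everything not on the allowlist is denied rather than merely logged.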