The security principle, missing in today's LLMs, that a system should distinguish trusted instructions from untrusted input; its absence is why prompt injection works.