Breaking the Lethal Trifecta (Without Ruining Your Agents)

Andrew Bullen

[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 1

Prompt injection is not a future problem — it is happening now, and most companies are ignoring it. Andrew Bullen, Head of AI Security at Stripe, argues that the only viable strategy is to assume prompt injection will succeed and architect your agents so that when it does, the damage is contained. His talk walks through the specific controls Stripe has built, the friction they cause, and the engineering work required to make those controls actually adoptable.

AI review

Bullen's talk is honest about the limits of what Stripe can actually defend against and methodical about what they've built instead. The 'assume injection will succeed' framing is correct and the Toolshed MCP proxy, Smokescreen enforcement, and tool annotation system are concrete controls at real scale — not theoretical.
