AI Security with Guarantees
Ilia Shumailov
[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 2
Ilia Shumailov, a former Oxford academic turned AI security startup CEO, argues that the industry's cat-and-mouse approach to AI security is structurally broken — and that formal guarantees are achievable today for a significant fraction of agentic tasks. The mechanism: separating instruction flow from data flow so that untrusted data can never redirect what an agent does, only influence what it returns. ---
AI review
Shumailov walked into a room full of people building cat-and-mouse defenses and told them, with academic precision, that they are in a structurally unwinnable game — and then handed them a way out. CAMEL's control flow integrity guarantee is not theoretical: separating instruction flow from data flow produces a formally bounded attack surface, and the cookie-prompt attack class he described is the kind of adversarial edge case that distinguishes serious research from conference-circuit hand-waving.