Saved February 14, 2026
Do you care about this?
The article critiques the idea that prompt injection strings are akin to zero-day exploits that should remain undisclosed. It argues that understanding these attacks is essential for defenders, as knowledge can improve security measures despite the challenges posed by unpatchable vulnerabilities. The author emphasizes that attackers are already aware of how to execute these techniques, making the argument for secrecy less compelling.
If you do, here's more
The blog post critiques the idea that prompt injection strings are akin to zero-day vulnerabilities that should remain undisclosed to prevent exploitation. The author values the ongoing debate about AI security and acknowledges the concern for public safety, but argues against the notion that sharing information about these prompt injections is inherently harmful. They emphasize that while prompt injection attacks can't be completely patched, defenders still benefit from understanding how these attacks work, as it allows for the implementation of mitigations and controls.
The piece highlights the rapid adoption of AI technologies, with ChatGPT reaching 100 million users in just two months, and notes that 78% of organizations use AI in some capacity. This proliferation creates significant security challenges, making the work of AI red teams essential rather than mere security theater. The author contests claims that disclosing successful prompt injection techniques endangers security, asserting that attackers already have the means to develop their own automated attack methods. They point out that knowledgeable defenders can learn from shared experiences and techniques, thus bolstering their defenses against potential threats.
Moreover, the author challenges the idea that AI security firms would recklessly publish sensitive prompts used against clients. They argue that responsible security professionals carefully manage what information is released to the public, ensuring that specific attack strings tied to clients remain confidential. The argument concludes by addressing the analogy of prompt injections to zero-days. While the analogy hints at a valid point about the speed of attacks versus defenses, the author insists that understanding these injection strings is vital for effective security measures, further asserting that the case for treating them as zero-days is not sufficiently strong.