Interesting Paper Exploring Prompt Injection

A paper shows that LLMs learn to recognize text styles in role blocks, not just tags, making role-based security architecture ineffective. Role boundaries are continuous, enabling subtle injection attacks at scale. Genuine role perception is needed to prevent perpetual injection vulnerabilities.