Modern cryptographic security research has migrated away from its historic strength—proving primitives unbreakable—toward defending systems where a language model treats attacker-controlled text and trusted instructions as the same substance, collapsing the data–instruction boundary that provable security depended on. The non-obvious takeaway is that today's defenses don't eliminate trust assumptions; they merely relocate them to quieter places, like the tool descriptions a "structural" guardrail relies on—corrupt the contract and the gate fails confidently. The unsettling kicker is that the same opaque models causing the porousness are now the defenders' best auditing tool, making the instrument both wound and suture.
Topics: prompt injection, provable security, data-instruction boundary, LLM agents, trust relocation