Ai code gen sounds like magic until security whispers 'prompt injection' – now every feature feels like russian roulette

A developer with over 20 days of experience in AI engineering has explored the potential of large language models (LLMs) in generating code. By embedding LLMs inside a system, the output is no longer just text, but an instruction for actions such as generating code, triggering workflows, and executing logic. This approach enables a new class of applications, but also raises security concerns, including prompt injection, code injection, and resource exhaustion. The developer notes that every layer of protection limits the model's freedom, and the most valuable scenario is when the schema is created dynamically and code is generated and executed without prior knowledge of the steps. This requires careful risk prioritization, as excessive validations can impact latency, cost, and reliability. The developer is still learning to balance security and functionality, highlighting the importance of considering security as a design aspect, rather than an add-on, when building systems that use LLMs to act, not just respond.