An attacker can exploit a language model by injecting malicious commands into its system prompt or tools, which can lead to various security risks such as data leaks and unauthorized behavior. To mitigate these risks, it's essential to design for worst-case scenarios, assume total compromise of the attack surface, and scope tools tightly to prevent unauthorized access. Moreover, proper authorization, validation, and sanitization are crucial to prevent prompt injection and exfiltration through model output. The key is to limit the consequences of an incorrect behavior by treating model output as untrusted by default and avoiding rendering markdown or HTML directly. By designing for failure first and shipping later, developers can minimize damage when their language models behave incorrectly.