When Prompt Injection Gets Real: Use GraphQL Federation to Contain It

From 2024 to 2025, AI security breaches like those involving Amazon Q, Vanna.AI, and EchoLeak highlighted the inadequacy of security controls designed for human users when applied to large language models (LLMs), which lacked runtime boundaries to prevent unauthorized code execution and data access. WunderGraph Cosmo proposes a solution by applying federation principles, such as persisted operations, scoped access, and signed configurations, to enforce runtime boundaries and prevent unverified execution. Case studies, including Vanna.AI's remote code execution vulnerability and EchoLeak's data leak via Copilot, demonstrate how trust misplaced in model output led to compromised environments. By implementing federation, systems can ensure that only approved actions are executed, credentials are tied to least privilege access, and unverified artifacts are blocked, transforming prompt injection from a breach into a blocked request. This governance framework prioritizes predictability over perfection, ensuring that AI systems operate within defined constraints and emphasizing proactive containment rather than reactive patching.