I'm reminded of all the man-hours spent building layers that prohibited someone's "about me" field from containing words like "update" or "delete" or "truncate".

Sure, technically it reduced the the odds of the system getting hacked, but it rankles against some engineering ideal of "not a proper fix." Yet it still happens, because a "proper fix" involves some change to the underlying layer (RDBMS or LLM).