LLM security and safety screams - Long List

Got it — below is the same set of developer “LLM security / safety screams,” but sorted by volume of discussion + intensity of pain as it actually shows up online (HN, Reddit, blogs, security writeups).
Think of this as “what devs complain about the most, and the loudest.”

I’ll group them into tiers, with short explanations for why they rank that high.


🔥 TIER 1 — HUGE VOLUME, HUGE PAIN

These dominate discussions. If you follow LLM dev or appsec spaces, you see these constantly.

1. Prompt injection (direct & indirect)

Why it’s #1
  • Massive volume across HN, Reddit, blogs, OWASP, vendor docs
  • Hits every LLM app, not just fancy agents
  • Feels fundamental, not just a bug

Typical dev screams
  • “This is SQL injection all over again… but worse”
  • “You can’t separate instructions from data”
  • “It feels unfixable at the model level”
  • “Users can just tell it to ignore the rules”

Pain drivers
  • Architectural (not patchable)
  • Applies to chat, RAG, agents, summarizers
  • Hard to explain to product & legal

➡️ This is the core existential anxiety of LLM security.


2. Agents + tools turning mistakes into real-world damage

Why it’s #2
  • Volume exploding as soon as people ship agents
  • Stakes jump from “bad text” → “bad actions”

Typical dev screams
  • “A jailbreak isn’t just words anymore”
  • “The model can now email, buy, delete, deploy”
  • “One prompt can cause a real incident”

Pain drivers
  • Tool calls = side effects
  • Security teams freak out
  • Developers suddenly responsible for AI actions

➡️ This is where LLM risk becomes board-level risk.


3. RAG + untrusted data poisoning

Why it’s #3
  • RAG is everywhere
  • Makes security feel like supply-chain security

Typical dev screams
  • “My model is only as safe as the docs it reads”
  • “Someone can poison the knowledge base”
  • “It followed instructions hidden in a PDF”

Pain drivers
  • Indirect prompt injection
  • Hard to sanitize large corpora
  • Difficult to audit provenance

➡️ Devs realize: “Search results are now executable.”


4. Guardrails are brittle, bypassable, and expensive

Why it’s #4
  • Everyone tries guardrails
  • Everyone is disappointed

Typical dev screams
  • “It blocks normal users but lets attackers through”
  • “Someone jailbroke it in 5 minutes”
  • “Latency + cost + UX pain”

Pain drivers
  • False positives + false negatives
  • Constant cat-and-mouse
  • No clear “best practice”

➡️ Guardrails feel like duct tape, not engineering.


5. “This may never be fully fixable”

Why it’s #5
  • Existential dread posts do huge numbers
  • Quoted by security agencies and researchers

Typical dev screams
  • “Is prompt injection fundamentally unsolvable?”
  • “We can mitigate forever, but never guarantee”
  • “Compliance wants ‘never’ — I can’t say that”

Pain drivers
  • Probabilistic systems
  • No hard isolation boundary
  • Legal/compliance mismatch

➡️ This is the philosophical core pain.


🔥 TIER 2 — BIG PAIN, MODERATE-HIGH VOLUME

Very common in production teams and security-minded orgs.

6. Secrets + untrusted input + output channels (“lethal trifecta”)

Dev screams
  • “If it can see secrets and read user input, it’s game over”
  • “One prompt away from exfiltration”

➡️ Especially loud in internal tools & enterprise apps.


7. Tool / schema poisoning

Dev screams
  • “Even tool descriptions are an attack surface?”
  • “The model trusted poisoned metadata”

➡️ Shows up as soon as teams build complex toolchains.


8. Observability & debugging is terrible

Dev screams
  • “Why did it do that?”
  • “Which token triggered the tool call?”
  • “I can’t reproduce this bug”

➡️ Huge frustration for senior engineers.


9. Jailbreaks keep evolving faster than defenses

Dev screams
  • “There’s a new jailbreak every week”
  • “Fix one, three more appear”
  • “They transfer across models”

➡️ Seen as embarrassing and demoralizing.


10. System prompt & internal policy leakage

Dev screams
  • “Why is it revealing internal instructions?”
  • “Now attackers know our control logic”

➡️ Painful because it feels sloppy even when it’s hard.


⚠️ TIER 3 — MODERATE PAIN, STEADY BACKGROUND NOISE

Not always front-page, but persistent.

11. Data retention & vendor trust anxiety
  • “Will this be trained on?”
  • “What happens if ToS changes?”


12. Compliance & governance mismatch
  • “Auditors want guarantees”
  • “LLMs don’t do guarantees”


13. Reproducibility issues
  • “Same prompt, different behavior”
  • “Worked yesterday, broken today”


14. Local LLMs don’t magically fix security
  • “On-prem doesn’t fix prompt injection”
  • “Still no instruction/data boundary”


15. Cost attacks / denial of wallet
  • “Someone can burn our budget with loops”
  • “Retries + long context = $$$”


🧪 TIER 4 — LOWER VOLUME, HIGHLY TECHNICAL OR EMERGING

More common in research & advanced teams.

16. Multimodal prompt injection (images, audio)
  • “Prompts hidden in images”
  • “OCR creates an attack surface”


17. Multilingual safety gaps
  • “Safety works in English, not elsewhere”


18. Alignment regressions after fine-tuning
  • “We fixed X and broke Y”
  • “Emergent misalignment”


19. Red-teaming is hard to operationalize
  • “How do we test this continuously?”
  • “Manual adversarial testing doesn’t scale”


20. AI-generated noise in security triage
  • “Fake bug reports”
  • “AI slop overwhelms signal”


🧠 TL;DR — WHAT DEV PAIN REALLY LOOKS LIKE

If you compress all the screaming into one sentence, it’s this:

“LLMs blur instructions and data, and once they can act, that blur becomes a security incident — and no one can give me hard guarantees.”

If you want next:

  • 🔥 Top 10 quotes verbatim (HN/Reddit tone)
  • 🧠 Mapping: old AppSec concepts → LLM equivalents
  • 🛠️ Which pains different roles feel (app dev vs security vs product)

Just say the word.