How is everyone handling prompt injection in autonomous agents right now?

Hi everyone! I'm Mattijs, and I'm launching SovereignShield tomorrow (a 7-layer deterministic defense suite for AI systems).

I built it because having LLMs grade other LLMs for safety feels like risk laundering to me, especially when you are giving agents access to APIs and databases.

Before the launch tomorrow, I am genuinely curious: if you are building AI agents in production, how are you currently protecting your tool executions from prompt injection? Are you relying on probabilistic "guardrail" models, or are you enforcing hard-coded rules?

Would love to hear what the community is actually trusting in production right now!