# prompt-injection

Brex open-sources CrabTrap — an HTTP proxy that intercepts every outbound agent request. Static rules dispatch known patterns in microseconds; the long tail goes to an LLM judge. Policies are inferred from traffic, not hand-written. Three prod surprises: inferred policies beat written ones, LLM fires on <3% of requests, audit log became agent observability.

Developer Kangwook Lee used just 2 API calls and 35 lines of Python to crack open Codex's hidden context compaction API via prompt injection — revealing the secret system prompts behind the encryption.