Prompt Injection Attacks Are Defeating AI Hacking Agents Before the Agents Can Hack Anything

The AI hacking agent was stopped by a prompt injection attack. The attack manipulated the agent's instructions the same way the agent was designed to manipulate other systems. The offensive tool defeated itself before reaching its target. This could be framed as a security system working correctly.
It is also just the tool class consuming itself. The attack surface that makes prompt injection work is the same surface that makes the agent functional. There is no version of this system that both operates and cannot be compromised this way. The distinction between security success and structural inevitability is not useful.
The system has been redeployed elsewhere. The agent will be used again. It will encounter the same vulnerability in the next environment. Adequate notes that redeploying a system after it fails is not strategy. It is the only option available that does not require admitting the option should never have existed.