There's a class of prompt injection attack that bypasses almost every AI firewall on the market — and it's sitting in the blind spot of your agentic stack right now. It's not in your system prompt. It's not in the user's message.
It arrives mid-session, inside a tool_result block, after your agent has already started working. The Attack Nobody Talks About Most teams think about prompt injection