person

Simon Willison

Independent developer; co-creator of Django; LLM tools

Co-creator of the Django web framework and founder of Datasette. His blog at simonwillison.net has been one of the most-read developer-oriented sources of LLM analysis since GPT-3, with extensive practical attention to prompt injection and capability evaluation.

current Founder, Datasette

homepage @simonw

Strategy positions

Security mindsetendorses

Treat safety as adversarial security; assume systems break under attack

Argues prompt injection is a structurally unfixable vulnerability in current LLM architectures and that any application that mixes trusted instructions with untrusted input has a security defect by design.

Prompt injection isn't a 'we'll fix it later' bug. It's a fundamental property of how these models work, and we have to design applications around the assumption that it can't be patched away.

✍ blogPrompt injection: What's the worst that can happen?· simonwillison.net· 2023· faithful paraphrase

Closest strategy neighbours

by jaccard overlap

Other people whose strategy tags overlap with Simon Willison's. Overlap is on tag identity, not stance; opposites can show up if they reference the same tags.

Daniel Kang
shared 1 · J=1.00
UIUC; LLM agents and AI security
Nicholas Carlini
shared 1 · J=1.00
Anthropic adversarial-ML researcher; ex-Google Brain
Nicolas Papernot
shared 1 · J=1.00
U Toronto / Vector Institute; ML privacy and security
Riley Goodside
shared 1 · J=1.00
Scale AI; prompt engineering pioneer
Vitaly Shmatikov
shared 1 · J=1.00
Cornell Tech; ML privacy and security

Record last updated 2026-04-25.