CVE-2026-21520: Why Patching a Prompt Injection Doesn't Fix the Architecture

Microsoft patched CVE-2026-21520 on January 15, 2026. Three months later, the headline still ran: "The data exfiltrated anyway." That phrase deserves more attention than it's gotten. This isn't a story about a botched patch or a slow response. It's a story about a category of control — AI safety filters — being asked to do something they structurally cannot do. A governance-plane kill switch is a pre-execution enforcement control that intercepts agent actions before they execute, independent of