We are keeping a list of AI/ML related links from research to more accessible items, hoping to share some of the more accessible posts with a wider community!
We are keeping a list of AI/ML related links from research to more accessible items, hoping to share some of the more accessible posts with a wider community!
Regarding little Bobby, is there any known guaranteed way to harden the current systems against prompt injections?
This is something that I’m personally more worried about than Skynet or mass unemployment now that everyone and their dog is rushing to integrate LLMs into to their systems (ok worried maybe a wrong word, but let’s just say I have the popcorns ready for the moment the first mass breaches happen with something like the Windows Copilot).
I’m working on it personally, right now I have a group doing pentesting on chats, I have a structured workflow application Ill be giving them soon to see if they can crack an integration point (DB, api, whatever they can get digital hands on).
So far, with the changes OAI made about a month ago now, they can get it to do things it shouldn’t but they can’t command it like a puppy if the system command is well written.
there are also techniques that im not sure others have considered yet. for example the conversation between the LLM and the user is not exclusive, as the provider you are the arbitrator of those data feeds. You can inspect any packet, and importantly, alter them to your will. This is pretty normal operation for most service providers and is not very different than some early RDBMS protection layers.