this post was submitted on 13 Jun 2023
36 points (100.0% liked)
Technology
37716 readers
289 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Regarding little Bobby, is there any known guaranteed way to harden the current systems against prompt injections?
This is something that I'm personally more worried about than Skynet or mass unemployment now that everyone and their dog is rushing to integrate LLMs into to their systems (ok worried maybe a wrong word, but let's just say I have the popcorns ready for the moment the first mass breaches happen with something like the Windows Copilot).
I'm working on it personally, right now I have a group doing pentesting on chats, I have a structured workflow application Ill be giving them soon to see if they can crack an integration point (DB, api, whatever they can get digital hands on).
So far, with the changes OAI made about a month ago now, they can get it to do things it shouldn't but they can't command it like a puppy if the system command is well written.
there are also techniques that im not sure others have considered yet. for example the conversation between the LLM and the user is not exclusive, as the provider you are the arbitrator of those data feeds. You can inspect any packet, and importantly, alter them to your will. This is pretty normal operation for most service providers and is not very different than some early RDBMS protection layers.