Problem: LLMs can't defend against prompt injection.
-
What are we doing with our time on this earth
https://www.promptarmor.com/resources/claude-cowork-exfiltrates-files
https://www.varonis.com/blog/reprompt@mttaggart it's 2026 and we're still doing "users don't know what a text editor is" exploits, now powered by like 100x more fossil fuels
-
Problem: LLMs can't defend against prompt injection.
Solution: A specialized filtering model that detects prompt injections.
Problem: That too is susceptible to bypass and prompt injection.
Solution: We reduce the set of acceptable instructions to a more predictable space and filter out anything that doesn't match.
Problem: If you over-specialize, the LLM won't understand the instructions.
Solution: We define a domain-specific language in the system prompt, with all allowable commands and parameters. Anything else is ignored.
Problem: We just reinvented the CLI.
@mttaggart Almost like treating *any* technology as though it were a panacea leads to a lot of wasted effort duplicating what's already possible But Now WIth New.
-
What are we doing with our time on this earth
https://www.promptarmor.com/resources/claude-cowork-exfiltrates-files
https://www.varonis.com/blog/reprompt@mttaggart Somebody needs to create a big Excel file and write down all the measurable costs this "AI" bullshit has created, and compare that to the actually measurable and objective positive effects (OpenAI being valued at one trillion dollars does NOT count).
I have a feeling the net result will be a very big number with a very big minus sign in front.
And then make a list of things we as a society could have done with that.
-
Problem: LLMs can't defend against prompt injection.
Solution: A specialized filtering model that detects prompt injections.
Problem: That too is susceptible to bypass and prompt injection.
Solution: We reduce the set of acceptable instructions to a more predictable space and filter out anything that doesn't match.
Problem: If you over-specialize, the LLM won't understand the instructions.
Solution: We define a domain-specific language in the system prompt, with all allowable commands and parameters. Anything else is ignored.
Problem: We just reinvented the CLI.
@mttaggart Keeping data and code separate, that is good secure design. The thing with an LLM is that there is no code. It's all data. You give it data, and it gives you back more data. You give it code? It turns out into data and give you more data. You can't turn it back into code. I don't think you can fix that.
-
@mttaggart Almost like treating *any* technology as though it were a panacea leads to a lot of wasted effort duplicating what's already possible But Now WIth New.
@valthonis @mttaggart As my father used to say: newer is only better if it's better.
-
Problem: LLMs can't defend against prompt injection.
Solution: A specialized filtering model that detects prompt injections.
Problem: That too is susceptible to bypass and prompt injection.
Solution: We reduce the set of acceptable instructions to a more predictable space and filter out anything that doesn't match.
Problem: If you over-specialize, the LLM won't understand the instructions.
Solution: We define a domain-specific language in the system prompt, with all allowable commands and parameters. Anything else is ignored.
Problem: We just reinvented the CLI.
@mttaggart this is like how billionaires keep accidentally reinventing trains
-
Problem: LLMs can't defend against prompt injection.
Solution: A specialized filtering model that detects prompt injections.
Problem: That too is susceptible to bypass and prompt injection.
Solution: We reduce the set of acceptable instructions to a more predictable space and filter out anything that doesn't match.
Problem: If you over-specialize, the LLM won't understand the instructions.
Solution: We define a domain-specific language in the system prompt, with all allowable commands and parameters. Anything else is ignored.
Problem: We just reinvented the CLI.
@mttaggart no, no, it's more like a magic spell. But then, so is the stuff I type at the bash prompt. Come to think of it, I do feel like a sorcerer!
I put on my robe and wizard hat...
-
@mttaggart Somebody needs to create a big Excel file and write down all the measurable costs this "AI" bullshit has created, and compare that to the actually measurable and objective positive effects (OpenAI being valued at one trillion dollars does NOT count).
I have a feeling the net result will be a very big number with a very big minus sign in front.
And then make a list of things we as a society could have done with that.
@thechris @mttaggart Globally, i heard figures of around 50B USD. With 500B to come from the Trump ai plan. In total that's more than twice the Apollo program, adjusted for inflation.
-
Problem: LLMs can't defend against prompt injection.
Solution: A specialized filtering model that detects prompt injections.
Problem: That too is susceptible to bypass and prompt injection.
Solution: We reduce the set of acceptable instructions to a more predictable space and filter out anything that doesn't match.
Problem: If you over-specialize, the LLM won't understand the instructions.
Solution: We define a domain-specific language in the system prompt, with all allowable commands and parameters. Anything else is ignored.
Problem: We just reinvented the CLI.
@mttaggart When I was in college learning computer science, we were tought that some briliant British boffin had found out that a program can't really find out if another program is fine, to put it in the broadest simplified terms. I wonder if somebody bothered telling that to those AI wankers.
-
Problem: LLMs can't defend against prompt injection.
Solution: A specialized filtering model that detects prompt injections.
Problem: That too is susceptible to bypass and prompt injection.
Solution: We reduce the set of acceptable instructions to a more predictable space and filter out anything that doesn't match.
Problem: If you over-specialize, the LLM won't understand the instructions.
Solution: We define a domain-specific language in the system prompt, with all allowable commands and parameters. Anything else is ignored.
Problem: We just reinvented the CLI.
Me 10 years ago: OMG AI will be incredible, it will be like in sci-fi, I want this
Now: pls, I just want to CLI
-
J jaddy@friend.enby-box.de shared this topic
