by kryogen1c
1136 days ago
Isn't this security through obfuscation? Doesn't it shift the risk instead of eliminating it? That's fine if that's the intention, but that's a different risk mitigation strategy. The post you replied to is saying it's categorically impossible to have an injection filter when user input interacts with executable statements.
Yes, it's exactly that.
Of course I'm not trying to argue that there's a magic wand to make prompt injection just go away. My point is that prompt injection is so dangerous because we're letting the user directly interact with such a powerful beast as a SOTA LLM.
By filtering prompts and answers with much less powerful but more specialized models, we are heavily mitigating risks. But injection risks will still be there, just not as a wide-open injection avenue as it is today.
Update: typos.