by reshabh 841 days ago
For prompt injection attacks which are context-sensitive, we have developed a DSL (SPML) for capturing the context, and then we use the same to detect conflict with the originally defined system bot / chat bot specification. Having restricted the domain of attacks helps in finer-grained control and better efficiency in detecting prompt injections. We also hypothesize that since our approach works only by looking for conflicts in the attempted overrides, it is resilient to different attack techniques. It only depends on the intent to attack. https://news.ycombinator.com/item?id=39522245