[resistattack]

I think any idea about how to avoid this problem could be very valuable, so I don't think anyone is going to give the solution for free. That is why I asked for a way to pay real money for such research, for example establishing a prize when your system is able to resist all attacks during a week. I think that 10 million dollars would be a good prize.

[simonw]

If you ship an API version of a model that is demonstrably resistant to prompt injection today you'll make more than $10m from it.

If you find a solution and publish a paper describing it your lifetime earning potential may go up by that amount too. A lot of very valuable use-cases are blocked on this right now.

[resistattack]

Interesting. Unfortunately (for me at least), I don't have a solution for this problem, but I think such a prize could improve the chances of new breakthroughs in security that allows ai agents use secrets in many tasks. Allocating resources for crucial tasks is an intelligent decision.