|
|
|
|
|
|
by pvillano
373 days ago
|
|
|
The minimum you can do is not allow the AI to perform actions on behalf of the user without informed consent. That still doesn't prevent spam mail from convincing the LLM to suggest an attacker controlled library, GitHub action, password manager, payment processor, etc. No links required. The best you could do is not allow the LLM to ingest untrusted input. |
|
|
How would that even work in practice, when an LLM is mostly to be used by a user, which will provide by default, untrusted input?