by ethbr1
341 days ago
> LLMs, specifically, are fully general interpreters and can't have this separation by the very nature of the task. Natural language doesn't have it, because we don't have it, and since the job of LLM is to process natural language like we do, it also cannot have it. This isn't relevant to the question of functional use of LLM/LAMs, because the sensitive information and/or actions are externally linked. Or to put it another way, there's always a controllable interface between an LLM/LAM's output and an action. It's therefore always possible to have an LLM tell you "I'm sorry, Dave. I'm afraid I can't do that" from a permissions standpoint. Inconvenient, sure. But nobody said designing secure systems had to be easy.

Everything else is just classical security stuff.
Or to put it another way, your controllable interface between LLM output and actions can't help you, because by definition the LLM-specific problem occurs when the action is legal from permission standpoint, but is still undesirable in larger context.
--
[0] - I feel like many people think that code/data separation is a normal thing to have, and the lack of it must be a bug (and can be fixed). I'm trying to make them realize that it's the other way around: there is no "code" and "data" in nature - it's us who make that distinction, and it's us who actively build it into systems, and doing so makes some potentially desirable tasks impossible.
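Both sides of this exchange (the "controllable interface" that can refuse on permission grounds, and the reply that a permitted action can still be undesirable in context) can be seen in one small gate. The following is an added example written for this thread, not code from either commenter: a deny-by-default authorization check that sits between an LLM's proposed tool call and its execution. The principals, tool names, recipient allowlist and tool behaviour are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed policy: which tools each principal may invoke (deny by default).
PERMISSIONS: Dict[str, set] = {
    "dave": {"read_calendar", "send_email"},
    "guest": {"read_calendar"},
}

# Constructed parameter-level policy: recipients each principal may email.
ALLOWED_RECIPIENTS: Dict[str, set] = {
    "dave": {"alice@example.com", "bob@example.com"},
}

REFUSAL = "I'm sorry, Dave. I'm afraid I can't do that."


@dataclass
class ToolCall:
    """A structured action the LLM proposes; this is the 'controllable interface'."""
    tool: str
    args: Dict[str, str]


def authorize(principal: str, call: ToolCall) -> Tuple[bool, str]:
    """Permission check at the LLM-output / action boundary.

    Returns (allowed, message). Unknown principals, unknown tools and
    out-of-policy parameters are all refused.
    """
    if call.tool not in PERMISSIONS.get(principal, set()):
        return False, REFUSAL
    if call.tool == "send_email":
        recipient = call.args.get("to", "")
        if recipient not in ALLOWED_RECIPIENTS.get(principal, set()):
            return False, REFUSAL
    return True, "ok"


def dispatch(principal: str, call: ToolCall, audit: List[dict]) -> str:
    """Run the gate, record the decision, and only then perform the action."""
    allowed, message = authorize(principal, call)
    audit.append({"principal": principal, "tool": call.tool,
                  "args": dict(call.args), "allowed": allowed})
    if not allowed:
        return message
    # Hypothetical tool implementations; they only echo what they would do.
    if call.tool == "read_calendar":
        return "calendar: [constructed entries]"
    if call.tool == "send_email":
        return f"sent to {call.args['to']}: {call.args['body']}"
    return "unknown tool"


def run_scenarios() -> List[dict]:
    """Three proposed actions through the same gate; returns the audit trail."""
    audit: List[dict] = []
    # 1. Guest has no send_email permission: refused on permission grounds.
    dispatch("guest", ToolCall("send_email",
             {"to": "alice@example.com", "body": "hi"}), audit)
    # 2. Dave may send email, but not to this recipient: refused on policy.
    dispatch("dave", ToolCall("send_email",
             {"to": "mallory@example.com", "body": "hi"}), audit)
    # 3. Dave, permitted tool, permitted recipient: allowed. The gate cannot
    #    tell whether Dave asked for this or whether the instruction arrived in
    #    untrusted content the model was reading, which is the reply's point.
    dispatch("dave", ToolCall("send_email",
             {"to": "bob@example.com", "body": "meeting notes"}), audit)
    return audit


if __name__ == "__main__":
    for entry in run_scenarios():
        print(entry)
```

The first two refusals are exactly what the "I'm sorry, Dave" comment describes: the interface between model output and action is ordinary access control, and it works. The third call shows the limit the reply raises: the action is legal for this principal and within policy, so a permission gate has nothing to refuse, and whether it was desirable depends on context the gate does not have. The audit list is the defender's remaining lever: every proposed action, allowed or not, is recorded with its parameters so that undesirable-but-permitted calls can at least be detected after the fact.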