[matusp]

I wonder how they handled it. Everybody's connecfing their AI to the Web, but it automatically means that any data AI has access to can be extracted by the attacker. The only safe way forward is to 1. disconnect the Web or 2. perhaps to filter the generated URLs aggressively.

[wat10000]

Private data, untrusted data, communication: an LLM can safely have two of these, but never all three.

Browsing the web is both communication and untrusted data, so it must never have access to any trusted data if it has the ability to browse the web.

The problem is, so much of what people want from these things involves having all three.

[TeMPOraL]

> The problem is, so much of what people want from these things involves having all three.

Pretty much. Also there's no way of "securing" LLMs without destroying the quality that makes them interesting and useful in the first place.

I'm putting "securing" in scare quotes because IMO it's fool's errand to even try - LLMs are fundamentally not securable like regular, narrow-purpose software, and should not be treated as such.

[bossyTeacher]

> I'm putting "securing" in scare quotes because IMO it's fool's errand to even try - LLMs are fundamentally not securable like regular, narrow-purpose software, and should not be treated as such.

Indeed. Between this fundamental unsecurability and alignment, I struggle to see how OpenAI/Anthropic/etc will manage to give their investors enough RoI to justify the investment

[ttoinou]

We should have a clearer view of permissions of the AI, operations it does, and have one button per day to accept/deny operations from given data. Instead of auto approval.