by zby
3 hours ago
If the action is decided by code based on metadata - then what is really the LLM task? And if you say that it is only the type of action that is decided by code - then this is maybe a mitigation - but the LLM still can do a lot of harm. And also it is very limiting - using the LLM to decide the action is very useful. This is different from SQL injection - where the action is determined by the code and the injection is really making a code parsing error. It might still be the way to go - but calling it 'the real solution' is overselling it.