Note #2023-11-27-001
> Reply to Simon Willison: "I extracted my explanation of prompt injection fr…" - Mastodon
A nice summary of prompt injection. I think this is only solvable if the model natively takes two inputs and explicitly considers the second untrusted.
Interactions
@srijan.ch I agree, that's the solution I'm hoping for - but I'm beginning to suspect that it may not be possible to implement that at all, especially on current LLM transformer-based architectures