{"id":48477697,"user":"nticompass","time":1781104846,"time_ago":"8 hours ago","type":"comment","content":"

> There is no single control that solves indirect prompt injection

There is, actually. It's called removing the AI agent. Done.","comments":[{"id":48478166,"user":"cryo32","time":1781106529,"time_ago":"8 hours ago","type":"comment","content":"

This is the methodology I use.

No determinism, no separation of data and instructions, centrally controlled.

What couldn’t go wrong?","comments":[{"id":48479432,"user":"dyauspitr","time":1781111424,"time_ago":"6 hours ago","type":"comment","content":"

[flagged]","dead":true,"comments":[{"id":48479489,"user":"eli","time":1781111655,"time_ago":"6 hours ago","type":"comment","content":"

So it can write code to prevent the problem described?","comments":[{"id":48479546,"user":"dyauspitr","time":1781111961,"time_ago":"6 hours ago","type":"comment","content":"

Yes. SQL querying with standard inbuilt anti injection code when retrieving the transactions that it can write itself.","comments":[{"id":48480220,"user":"customguy","time":1781114570,"time_ago":"6 hours ago","type":"comment","content":"

What kind of "standard inbuilt anti injection code" are you referring to? Mysql_real_escape_string()?","comments":[{"id":48481721,"user":"vntok","time":1781121306,"time_ago":"4 hours ago","type":"comment","content":"

Look up "prepared statements", it's pretty well documented.","comments":[],"comments_count":0,"level":5,"url":"item?id=48481721"}],"comments_count":1,"level":4,"url":"item?id=48480220"},{"id":48482008,"user":"troupo","time":1781122518,"time_ago":"3 hours ago","type":"comment","content":"

How does this prevent prompt injection described in the article?

How does it prevent DDOSing and/or exposing the database from an injected prompt?","comments":[{"id":48483042,"user":"Dylan16807","time":1781127312,"time_ago":"2 hours ago","type":"comment","content":"

The user asks for details of the last transaction, the user gets back the amount, the source, and the description in a safely quoted format with the LLM never reading it.

You can't inject the LLM if it doesn't see the data.

An architecture like this won't work in many situations, but it can work for a lot of simple questions.

And if you want the LLM to summarize things, you run an isolated instance that makes a summary and you never show that summary to the LLM that's following the user's instructions.","comments":[{"id":48484109,"user":"lelandbatey","time":1781133428,"time_ago":"23 minutes ago","type":"comment","content":"

You can do this, it is useful, but it's just not the same as where the goalposts are now which is: the AI is a person in a box and can do everything a person can.

If we actually limit them to "only accepts tiny ultra well defined problems and ultra well defined outputs" then theycease being a $10T/year idea and become a merely $10B/year idea.

Thus, it is not exactly popular at the moment.","comments":[],"comments_count":0,"level":6,"url":"item?id=48484109"},{"id":48483278,"user":"troupo","time":1781128711,"time_ago":"2 hours ago","type":"comment","content":"

> The user asks for details of the last transaction, the user gets back the amount, the source, and the description in a safely quoted format

What's "safely quoted format" when prompt injection is already safe in the description?

> You can't inject the LLM if it doesn't see the data.

How doesn't it see the data when you literally say "The user asks for details of the last transaction, the user gets back the amount, the source, and the description"?

> And if you want the LLM to summarize things, you run an isolated instance that makes a summary

And it will make a summary exactly how?","comments":[],"comments_count":0,"level":6,"url":"item?id=48483278"}],"comments_count":2,"level":5,"url":"item?id=48483042"}],"comments_count":3,"level":4,"url":"item?id=48482008"}],"comments_count":6,"level":3,"url":"item?id=48479546"}],"comments_count":7,"level":2,"url":"item?id=48479489"}],"comments_count":8,"level":1,"url":"item?id=48479432"}],"comments_count":9,"level":0,"url":"item?id=48478166"}],"comments_count":10,"url":"item?id=48477697"}

Comment by nticompass