← Back to context

Comment by arein3

9 hours ago

Why is it limiting the usefulness?

You have a set of apis that user can access to do something, the llm uses those same apis. How is that limiting usefulness? By not invoking apis user is not allowed to?

The only way to mitigate the damage an LLM can do because of prompt injection is to limit what that LLM can do in the first place. That’s what they mean by limiting its usefulness. If an LLM has access to an api and I want it to abuse that API in some way, I can attack its prompt and eventually get it to use the api the way I want

  • All apis have to authorize and authenticate if they do sensitive stuff. Otherwise youre asking for it.

    • Yes, but whatever the LLM has authenticated access to, an attacker can convince it to mess with on their behalf.