Comment by Dylan16807
3 hours ago
> There was a time when some languages / platforms only addressed SQL injection with escaping. That’s basically where we’re at with prompt injection now
No, we're in a far worse place. Escaping SQL is 100% reliable when you apply it to every field (and you don't mix up encodings, see mysql_real_escape_string). Prepared statements 'just' keep you from forgetting. The state of the art for separation in an LLM is a loose advisory at best.
No comments yet
Contribute on Hacker News ↗