undefined | Better HN

0 pointsmbreese2mo ago0 comments

In my experience, anytime someone suggest that it’s possible to “just” do something, they are probably missing something. (At least, this is what I tell myself when I use the word “just”)

If you tag your inputs with flags like that, you’re asking the LLM to respect your wishes. The LLM is going to find the best output for the prompt (including potentially malicious input). We don’t have the tools to explicitly restrict inputs like you suggest. AFAICT, parameterized sql queries don’t have an LLM based analog.

It might be possible, but as it stands now, so long as you don’t control the content of all inputs, you can’t expect the LLM to protect your data.

Someone else in this thread had a good analogy for this problem — when you’re asking the LLM to respect guardrails, it’s like relying on client side validation of form inputs. You can (and should) do it, but verify and validate on the server side too.

0 comments

sodapopcan2mo ago

"Can't you just..."

The beginning of every sentence from a non-technical coworker when I told them their request was going to take some time or just not going to happen.

8n4vidtmkvmk2mo ago

Right, it needs to be fixed at the model level.

I'm not sure if that's possible either but I'm thinking a good start would be to separate the "instructions" prompt from the "data" and do the entire training on this two-channel system.

j / k navigate · click thread line to collapse