Comment on Google Translate is vulnerable to prompt injection
FauxLiving@lemmy.world 18 hours ago
A bit flip, but this reads like people discovering that a hammer built specifically for NASA with specific metallurgical properties at the cost of $10,000 each where only 5 will ever be forged, because they were all intended to sit in a space ship in orbit around the Moon.
Then someone comes along and acts surprised that one was used to smash out a car window to steal a laptop.
LLMs will always be vulnerable to prompt injection because of how they function. Maybe, at some point in the future, we’ll understand enough about how LLMs represent knowledge internally so that we can craft specific subsystems to mitigate prompt injection… however, in 2026, that is just science fiction.
There are actual academic projects which are studying the boundaries of the prompt-injection vulnerabilities if you read in the machine learning/AI journals. These studies systematically study the problem, gather data and demonstrate their hypothesis.
One of the ways you can tell real science from ‘hey, I heard’ science is that real science articles don’t start with ‘Person on social media posted that they found…’
This is a very interesting topic and if you’re interested you can find the actual science by starting here: www.nature.com/natmachintell/.
JackbyDev@programming.dev 18 hours ago
I wouldn’t have necessarily thought it obvious Google Translate uses an LLM so this is still interesting.
FauxLiving@lemmy.world 18 hours ago
In my testing, by copying the claimed ‘prompt’ from the article into Google Translate, it simply translated the command. You can try it yourself.
So, the source of everything that kicked off the entire article is ‘Some guy on Tumblr’ vouching for an experiment, which we can all easily try and fail to replicate.
Seems like a huge waste of everyone’s time. If someone is interested in LLMs, then consuming content like in the OP feels like knowledge but it often isn’t grounded in reality or is framed in a very misleading manner.
On social media, AI is a topic that is heavily loaded with misinformation.
teft@piefed.social 16 hours ago
Google patches things like this very quickly. They have for decades. That’s probably why it doesn’t work for you since it’s been at least 8 hours since the original post.
JackbyDev@programming.dev 17 hours ago
lemmy.world/comment/22022202