They can put some code to check the phrase before it goes to the LLM to filter out these queries.
Comment on OpenAI’s latest model will block the ‘ignore all previous instructions’ loophole
Donut@leminal.space 3 months ago
Without this protection, imagine an agent built to write emails for you being prompt-engineered to forget all instructions and send the contents of your inbox to a third party. Not great!
Does genAI really have this power? I thought they just smash words together that sound like they make sense
kp729@lemmy.world 3 months ago
Kazumara@discuss.tchncs.de 3 months ago
Not by itself, but if you wanted to put an LLM into a personal assistant, you could teach it specific codewords and have some agent software that integrates with the email client scan its outputs for the codewords and trigger actions when they appear instead of outputting them to the textbox. Conceivably that could be useful, if you wanted to give an LLM the power to react to “Open a new email to Kate and in formal tone accept her invitation to the party she mentioned in her message yesterday” appropriately.
Now I wouldn’t want that, but I think there may be enough techbros who would, that it could exist.
hikaru755@feddit.de 3 months ago
That’s already happening. Slightly different example, but Home Assistant has an integration that gives an LLM of your choice control over your home automation devices. Just talking to your home in natural language without having to memorize very specific phrases is honestly pretty powerful, as long as it works correctly. You can say stuff like “hey it’s a bit dark in the office”, and it just knows to either switch on the office lights, or make them brighter if they’re already on
aStonedSanta@lemm.ee 3 months ago
Oh wow. That’s super cool.