alt Hacker NewsSo we still don't have a reliable way to separate instructions from data when talking to an LLM, a problem that humans learned how to solve decades ago in areas like SQL and memory safety. But hey, we have these hopefully-not-leaky containers, which are probably implemented with just more system prompts.
How long until somebody figures out how to trick Codex into disabling Lockdown Mode for you?
Replies
We can seperate them but the $ value of an agent that does is much lower than one that doesn't.
As a pre LLM analogy imagine working at a bank with a whitelist firewall. You need to install a package but requires an IT ticket. Safer but slooooower.
Now not saying what the answer here is but that is the issue.
The answer may be more like industries that get safer through lessons (like aviation) rather than go for 100% safety out of the gate. Because both fast travel and AI agents are insanely useful.
> So we still don't have a reliable way to separate instructions from data when talking to an LLM
Humans also do not know how to do this reliably, which is why phishing is still a thing and always will be.