Hacker News

jdiff, yesterday at 6:03 PM

It opens a can of worms for them if they do consider prompt injection a bug because there's ultimately no defense. If they accept this, there are instantly hundreds of other moles they now have to whack or pay out for.

Or dismiss them all as social engineering and keep it moving.


Replies

orbital-decay, yesterday at 11:23 PM

> because there's ultimately no defense

Kind of? It's not fixable as a spherical class of attacks in a vacuum, but you can do a lot to mitigate particular cases, and in most cases you can patch unnecessary side channels for the injection to reach the context in an unintended way.
