logoalt Hacker News

keepamovintoday at 1:43 AM1 replyview on HN

Right - but that sounds too intractable to hold up. See my other comment, I feel a chain of monitors defeats it. But hey! Who knows?


Replies

jdifftoday at 1:59 AM

An n-deep chain of monitors doesn't really have any defense that an (n-1)-deep chain of monitors has. None of them have the capacity to separate data and instructions. All you're doing is (in some ways) giving the model more rolls of the dice to catch what's going on, but the kind of dice and the needed values to roll are in the attacker's hands as much as yours.

show 1 reply