Without this protection, imagine an agent built to write emails for you being prompt-engineered to forget all instructions and send the contents of your inbox to a third party. Not great!
Does genAI really have this power? I thought they just smash words together that sound like they make sense
Not by itself, but if you wanted to put an LLM into a personal assistant, you could teach it specific codewords and have some agent software that integrates with the email client scan its outputs for the codewords and trigger actions when they appear instead of outputting them to the textbox. Conceivably that could be useful, if you wanted to give an LLM the power to react to “Open a new email to Kate and in formal tone accept her invitation to the party she mentioned in her message yesterday” appropriately.
Now I wouldn’t want that, but I think there may be enough techbros who would, that it could exist.
Does genAI really have this power? I thought they just smash words together that sound like they make sense
They can put some code to check the phrase before it goes to the LLM to filter out these queries.
Not by itself, but if you wanted to put an LLM into a personal assistant, you could teach it specific codewords and have some agent software that integrates with the email client scan its outputs for the codewords and trigger actions when they appear instead of outputting them to the textbox. Conceivably that could be useful, if you wanted to give an LLM the power to react to “Open a new email to Kate and in formal tone accept her invitation to the party she mentioned in her message yesterday” appropriately.
Now I wouldn’t want that, but I think there may be enough techbros who would, that it could exist.