# general
l
Anyone working on LLM security aspects? Would love to know what others are thinking. This blog I found interesting. https://simonwillison.net/2023/May/2/prompt-injection-explained/
g
Super interesting stuff! I am not sure I agree with "security based on probability is no security at all". Isn't literally all security based on probability? i.e. I generate very large random numbers, and the probability that you'll "just guess" the same number is infinitesimally low? So yeah, 99% means there is a 1/100 chance of someone randomly getting through, which is indeed far too high for security. But - they didn't show that those proposed approaches fail 1/100 times. And - at some point 1/(extremely large number) is actually considered a low enough probability for random guessing that it is secure enough. He says:
"And if we don't get to 100%, I don't think we've addressed the problem in a responsible way."
Which sounds like a lot of executives when talking about security, but doesn't sound like most security professionals I've worked with - those do talk in terms of ROI and probabilities. Also, doesn't his solution involve basically adding a human to the loop? So the human gets to review all the input/output for the AI? Given the prevalence of social engineering and phishing, I doubt this will work as intended... I am skeptical about a very specific point here... the talk as a whole has many points that I find insightful and tend to agree with.
l
Yeah but mainly prompting is opening up a whole new area for startups/researchers and a headache for the security professionals 😅