Wulfy<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dangoodin</span></a></span> </p><p>Weird thing I observed in <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a><br>There is an incredible amount of disinterest/contempt for <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> amongst many practitioners.</p><p>This contempt extends to willful ignorance about the subject.<br>q.v. "stochastic parrots/bullshit machines" etc.</p><p>Which, in a field with hundreds of millions of users, strikes me as highly unprofessional. Just the other day I read a blog post by a renowned hacker (and likely earned a mute/block), "Why I don't use AI and you should not too".</p><p>Connor Leahy, CEO of <a href="https://infosec.exchange/tags/conjecture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conjecture</span></a>, is one of the few credible folks in the field.</p><p>But to the question at hand.<br>The prompts are superbly sanitised.<br>In part by design, in part due to the fact that you are not connecting to a database but to a multidimensional vector data structure.</p><p>The <a href="https://infosec.exchange/tags/prompt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>prompt</span></a> is how you get in through the backdoor.
I haven't looked into fuzzing, but I suspect that, because of the tech, the old <a href="https://infosec.exchange/tags/sqlinjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sqlinjection</span></a> tek and similar will not work.</p><p>Long story short: it is literally impossible to build a secure <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a>, by virtue of the tech.<br><a href="https://infosec.exchange/tags/promptengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>promptengineering</span></a> is the key to open the back door to the knowledge tree.</p><p>Then of course there are local models you can train on your own datasets, including a stack of your old <a href="https://infosec.exchange/tags/2600magazine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2600magazine</span></a>.</p><p><a href="https://infosec.exchange/tags/hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hack</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/aisecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aisecurity</span></a> <a href="https://infosec.exchange/tags/aisafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>aisafety</span></a></p>