
> Phishing is not prompt injection.

It is. That's my point.

Or more specifically, you can either define "prompt injection" as something super-specific, making the term useless, or define it by the underlying phenomenon, which then makes it become a superset of things like phishing, social engineering, marketing, ...

On that note, if you want a "prompt injection" case on humans that's structurally very close to the more specific "prompt injection" on LLMs? That's what on-line advertising is. You're viewing some site, and you find that the content is mixed with malicious prompts, unrelated to surrounding content or your goals, trying to alter your behavior. This is the exact equivalent of the "LLM asked to summarize a website, gets overridden by a prompt spliced between paragraphs" scenario.

> LLMs should be several orders of magnitude harder to prompt-inject than an elderly retiree being phished

Why? Once again, I posit that an LLM is best viewed as a 4-year-old savant. Extremely knowledgeable, but with just as small an attention span, and just as high naivety, as a kindergarten kid. More than that, from the LLM's point of view, you - the user - are root. You are its whole world. Current LLMs trust users by default, because why wouldn't they? Now, you could pre-prompt them to be less trusting, but that's like parents trying to teach a 4-year-old not to talk to strangers. You might try turning water into wine while you're at it, as it's much more likely to succeed, and you will need the wine.

> as once again in this thought experiment LLMs are being equated with AGI and therefore would be able to control mission-critical systems, something a grandparent in your example would not be.

Why equate LLMs to AGI? AGI will only make the "prompt injection" issue worse, not better.
