this post was submitted on 27 May 2024
1102 points (98.0% liked)
Technology
59534 readers
3199 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Prompt injection has shown us that basically any attempt to limit the output like this is doomed to fail. Like anti-piracy ones, where if you ask directly for the info it says no, but if you ask for the info under the guise of avoiding it, it gives up everything.
Or for instance with the twitter bot, you could get it to regurgitate its own horrifically hateful prompt, then give it a replacement prompt and tell it to change its whole personality, then tell it to critique its previous prompt. There is currently no way to create a prompt that has supremacy over the user input. You can't ask it to keep a secret because it doesn't know what a secret is.
I think because we're getting access to hallucinations, it's a bit like telling a person "don't think about an elephant". Well, they just did, because you prompted them to with the instruction. LLMs similarly can't actually control what they output.