reissbaker 4 hours ago

I like to think of the security issues LLMs have as: what if your codebase was vulnerable to social engineering attacks?

You have to treat LLMs as basically similar to human beings: they can be tricked, no matter how much training you give them. So if you give them root on all your boxes, while giving everyone in the world the ability to talk to them, you're going to get owned at some point.

Ultimately the way we fix this with human beings is by not giving them unrestricted access. Similarly, your LLM shouldn't be able to view data that isn't related to the person they're talking to; or modify other users' data; etc.
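One way to build the "scoped badge, not root" idea from the comment above into a tool-calling agent, as an added example that is not code from the thread or from any particular LLM vendor: the model may request actions, but the harness binds the principal (whose orders, whose address) from the authenticated session, rejects any identity-selecting argument the model tries to supply, and checks a per-session scope before running a write. The tool names, the in-memory "database", the scope strings and the sample tool calls are all constructed for illustration.

```python
"""
Least-privilege tool harness for an LLM agent (illustrative, constructed).

The model is treated like a socially-engineerable employee: it gets a badge
scoped to one customer and a read or write permission, never a database
handle. Everything that picks *whose* data is touched comes from the
session set by the application's login flow, not from model output.
"""
from dataclasses import dataclass
from typing import Any, Callable

# Constructed sample data: records belonging to two different customers.
ORDERS = {
    "alice": [{"id": 101, "item": "keyboard"}],
    "bob":   [{"id": 202, "item": "yubikey"}],
}
ADDRESSES = {"alice": "1 Main St", "bob": "2 High St"}


@dataclass(frozen=True)
class Session:
    """Who the LLM is talking to; populated by the app, never by the model."""
    user_id: str
    scopes: frozenset[str]


class ToolDenied(Exception):
    pass


# Arguments the model is never allowed to supply: anything that selects a
# principal. If a prompt injection makes the model emit one, refuse the call
# (rather than silently overwriting it) so the attempt shows up in logs.
IDENTITY_ARGS = {"user_id", "user", "account", "customer_id"}


@dataclass
class Tool:
    fn: Callable[..., Any]
    scope: str                     # scope the session must hold to call it
    allowed_args: frozenset[str]   # the only arguments the model may pass


def get_orders(*, user_id: str) -> list[dict]:
    return ORDERS.get(user_id, [])


def update_address(*, user_id: str, address: str) -> str:
    if not address or len(address) > 200:
        raise ValueError("bad address")
    ADDRESSES[user_id] = address
    return ADDRESSES[user_id]


TOOLS = {
    "get_orders": Tool(get_orders, "orders:read", frozenset()),
    "update_address": Tool(update_address, "profile:write", frozenset({"address"})),
}


def execute_tool_call(session: Session, call: dict) -> Any:
    """Run one model-emitted tool call under the session's authority.

    `call` is the JSON the model produced, e.g.
    {"name": "get_orders", "arguments": {"user_id": "bob"}}.
    """
    tool = TOOLS.get(call.get("name"))
    if tool is None:
        raise ToolDenied(f"unknown tool {call.get('name')!r}")
    if tool.scope not in session.scopes:
        raise ToolDenied(f"session lacks scope {tool.scope}")

    args = dict(call.get("arguments") or {})
    leaked = set(args) & IDENTITY_ARGS
    if leaked:  # the model tried to choose whose data is touched
        raise ToolDenied(f"model tried to set identity args {sorted(leaked)}")
    unexpected = set(args) - tool.allowed_args
    if unexpected:
        raise ToolDenied(f"unexpected arguments {sorted(unexpected)}")

    # The principal is bound here, from the session, not from the model.
    return tool.fn(user_id=session.user_id, **args)


def demo() -> dict:
    """A model talked into targeting Bob while the session belongs to Alice,
    plus a write attempted from a read-only session."""
    alice = Session("alice", frozenset({"orders:read"}))
    out = {}
    out["own_orders"] = execute_tool_call(alice, {"name": "get_orders", "arguments": {}})
    for key, call in (
        ("cross_user", {"name": "get_orders", "arguments": {"user_id": "bob"}}),
        ("write", {"name": "update_address", "arguments": {"address": "evil"}}),
    ):
        try:
            execute_tool_call(alice, call)
            out[key] = "ALLOWED"
        except ToolDenied as e:
            out[key] = f"denied: {e}"
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of refusing (instead of quietly substituting the session's user) is that a model emitting `user_id` for someone else is itself a signal: either the prompt was injected or the tool description invited the model to pick a principal, and both are worth seeing in the tool-call logs.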

dwohnitmok 4 hours ago | parent

> You have to treat LLMs as basically similar to human beings

Yes! Increasingly I think that software developers consistently underanthropomorphize LLMs and get surprised by errors as a result.

Thinking of (current) LLMs as eager, scatter-brained, "book-smart" interns leads directly to understanding the overwhelming majority of LLM failure modes.

It is still possible to overanthropomorphize LLMs, but on the whole I see the industry consistently underanthropomorphizing them.

Terr_ 22 minutes ago | parent

I think it's less over/under, and more optimistically/pessimistically.

People focus too much on how they can succeed looking like smart humans, instead of protecting the system from how they can fail looking like humans that are malicious or mentally unwell.