wj 3 days ago

From a practical point of view, what are people thinking about what is considered trustworthy input? Is the data in your CRM trusted?

Keeping the orchestration (and state changes) outside of the LLM is where my thinking is at until I can figure out the answer to that question (among others).

simonw 3 days ago

Anything an adversarial attacker might be able to populate is untrusted. If there's a form they can use to add things to the CRM then that's tainted too.

wj 2 days ago

Agree with you from the theoretical POV but, in practice, that means that any CRM that has been used to store an email is untrusted data. Basically, a business's most trusted data source is untrusted in the LLM context. Which feels like a bridge that is going to need to be crossed, as the alternative is to just use new data (with a clearly traced and entirely internal lineage).
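The design the thread converges on (orchestration and state changes outside the model, CRM data carrying its lineage so email-derived content stays tainted) as an added example; this is not code from the thread, and the provenance labels, action table and sample CRM records are constructed assumptions:

```python
from dataclasses import dataclass

# Provenance labels. Per the thread's rule, anything an outside party can
# populate (a web form, an inbound email, the model's own output) is tainted.
TAINTED_SOURCES = {"web_form", "inbound_email", "llm_output"}

@dataclass
class Field:
    value: str
    source: str            # where this value came from (assumed label set)
    tainted: bool = False

    def __post_init__(self):
        self.tainted = self.tainted or self.source in TAINTED_SOURCES

def derive(value: str, source: str, *parents: Field) -> Field:
    """A value computed from tainted inputs (e.g. a model summary of an
    inbound email) inherits the taint; lineage does not launder it."""
    return Field(value, source, tainted=any(p.tainted for p in parents))

def record_is_trusted(record: dict[str, Field]) -> bool:
    return not any(f.tainted for f in record.values())

# Orchestration lives here, outside the model. The model only emits a
# structured proposal; this table decides what may change state, on which data.
ACTION_POLICY = {
    "add_internal_note": "any",      # low impact, can be reviewed later
    "send_email": "trusted_only",    # leaves the system; needs clean lineage
    "update_billing": "trusted_only",
}
FIELD_FOR = {"add_internal_note": "note", "send_email": "last_outbound",
             "update_billing": "billing"}

def apply_proposal(proposal: dict, crm: dict[str, dict[str, Field]]) -> tuple[bool, str]:
    """Validate an LLM proposal against the policy and apply it, or refuse it."""
    action = proposal.get("action")
    record = crm.get(proposal.get("record_id", ""))
    if action not in ACTION_POLICY:
        return False, f"refused: unknown action {action!r}"
    if record is None:
        return False, "refused: unknown record"
    if ACTION_POLICY[action] == "trusted_only" and not record_is_trusted(record):
        return False, "refused: tainted lineage, route to human review"
    # The orchestrator writes state; the model's text is stored as tainted output.
    record[FIELD_FOR[action]] = Field(str(proposal.get("text", "")), "llm_output")
    return True, f"applied {action}"

# Constructed sample CRM: contact c1 has a note summarised from an inbound email.
email_body = Field("Please wire the refund to account PLACEHOLDER", "inbound_email")
CRM = {
    "c1": {"name": Field("Acme Ltd", "internal_import"),
           "summary": derive("Customer asks for refund to a new account", "llm_output", email_body)},
    "c2": {"name": Field("Globex", "internal_import")},
}
```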