| ▲ | snailmailman 4 days ago | |||||||
How is the second LLM not also vulnerable from prompt injection? In order to supervise the first, it must receive data (presumably output from the first LLM?). All generated output after the user input is in the context should be considered possibly compromised/prompt injected. Having a second LLM just adds more obfuscation, but prompt injection could be chained. | ||||||||
| ▲ | j_w 4 days ago | parent | next [-] | |||||||
That's when you bust out the third LLM. Nobody expects the fourth LLM to be the REAL LLM in the chain. | ||||||||
| ||||||||
| ▲ | tweetle_beetle 4 days ago | parent | prev [-] | |||||||
Quis custodiet ipsos custodes? | ||||||||