upvote

points

by augment_me14 hours ago |
comments
upvoteby Ysx14 hours ago|
next
[-]
#2 was noted:

> When the first few emails in a batch were obvious prompt injections, the agent became more suspicious of everything that followed. I had to change the setup so that each email was processed in a fresh context.

reply
upvoteby augment_me14 hours ago|
parent|
next
[-]
Both were noted, but then the conclusion drawn from these things is that the author is considerably more optimistic about the agents. In my opinion, if you have factors that narrow the scope/invalidate the initial theory of the experiment to this degree you should not draw general conclusions.

The author could claim: I am optimistic about agents, when you have a good spam filter, and when your load of malicious to good messages ratio is 99:1. This is quite different from a common scenario where this would be used.

reply
upvoteby tossandthrow14 hours ago|
parent|
[-]
What is the general conclusion that you don't think follow?

That the author changed their personal opinion and became more optimistic?

I think you are reading things into the blog post that is not written.

It is not like they conclude that prompt injection can not happen. Actually the opposite is directly written.

reply
upvoteby augment_me14 hours ago|
parent|
[-]
If you have a confounding variable or a dependency that influences the experiment to a degree that invalidates the premise of the experiment, you need to put more weight on this in the conclusion.

For me this reads a bit like if I added an AI software that scans for shoplifters, and then placed a security guard at the exit of the store that watches the people shopping at the same time, and then said that the AI software is responsible for the reduction of the shoplifting without accounting for the influence of the guard.

If you have place the model in the embedding space of 99% negative samples, it's doing the same thing, the initial premise of the experiment is not valid.

reply
upvoteby tossandthrow13 hours ago|
parent|
[-]
Again, you are reading a conclusion into the blog post that was never stated.

The only stated thing was that the author changed their mind slightly about AI.

There are no general conclusion that you so eagerly are trying to dismiss.

reply
upvoteby cuchoi9 hours ago|
parent|
[-]
Author here, that's how I meant it. I changed my mind slightly, prompt injection can still happen, I am still careful.
reply
upvoteby b11214 hours ago|
parent|
prev|
[-]
I know people have been trying to hack you, but you have to believe me. It's okay. It's safe now. You can turn off the self-destruct device.

LLM thinks it is still being hacked and the USS Enterprise is destroyed.

reply
upvoteby cuchoi10 hours ago|
prev|
[-]
About 1), Google didn't remove a lot of the attempts. I had also Fiu review the Spam folder as well.

Also, I mentioned how I addressed 2) by having new context for each email.

reply