firehose> #llmops

Once an application is exposed to users, it faces adversarial prompting, which falls into three main types. Prompt extraction tries to recover your system prompt to replicate or exploit the app. Jailbreaking and prompt injection try to subvert safety features or make the model take unauthorized actions (harmful instructions, dangerous code). Information extraction tries to get the model to reveal sensitive data from its training set or context. Defenses are layered: use adversarial safety benchmarks, run security red-teaming to find weaknesses proactively, be explicit about what the model must not return, repeat the system prompt before and after user input, sandbox generated code, require human approval for impactful actions, define out-of-scope topics, use anomaly detection, and guardrail both inputs and outputs. Security is measured by two metrics in tension — the violation rate (how often attacks succeed) and the false-refusal rate (how often legitimate requests are wrongly refused) — and perfect security with too many false refusals is itself a failure.

Claims


Linked from