A Mechanistic Explanation of Prompt Injection (and why you should study roles)

LessWrong

Summary

We've been building a theory of how prompt injections work under the hood. We show it comes down to how LLMs perceive roles (the humble chat template tags). We use this theory to create new attacks, explain some weird mech interp results, and predict when attacks work. We also advocate for a new subfield focused on the science of roles, and sketch some unexplored new research problems. Work supported by CBAI and Cosmos. Another version of this post (with more inline colors) is here, and full ...
