Yes but I’m also not convinced it’s completely solvable. The nature of how LLMs work make them potentially impossible to “secure” from many different attacks.


Discussion

I agree; XSS isn't 'solvable' either, but it can be mitigated. I think there are similarities here. Also, things can be very different in a few years, so I try not to speculate too much.

Yes and no. XSS can be “solved” by being smart in how you handle user input. The problem with LLMs is, how do you know what is legitimate user input and what isn’t? When accepting user input into a form, I can reliably estimate that HTML elements aren’t part of the expected input.

But with an LLM, it’s not as easy to determine what is legitimate or not. It depends on the use case, obviously, but it’s extremely difficult since a lot of the time you’re slamming in other context from other inputs.
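As an added illustration of the point made in the post above (example code, not from the original thread or any of its participants): a form field with a known expected shape can be allow-list validated, and anything reflected back into a page can be HTML-encoded, so user input never becomes markup. The sample inputs, field names and the `render_greeting` helper are constructed for this example.

```python
import html
import re

# A username field has a predictable shape, so HTML is simply never valid input.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_username(value: str) -> bool:
    """Allow-list check: accept only characters a username is expected to contain."""
    return USERNAME_RE.fullmatch(value) is not None


def render_greeting(display_name: str) -> str:
    """Output encoding: whatever the user typed is rendered as text, not markup.

    html.escape with quote=True encodes <, >, &, " and ', which covers both
    element content and quoted attribute values.
    """
    return "<p>Hello, " + html.escape(display_name, quote=True) + "!</p>"


def contains_raw_markup(rendered: str, untrusted: str) -> bool:
    """Defensive check: does any '<' or '>' from the untrusted input survive unencoded?"""
    if "<" not in untrusted and ">" not in untrusted:
        return False
    # Strip the fixed template so only the user-controlled part is inspected.
    body = rendered[len("<p>Hello, "):-len("!</p>")]
    return "<" in body or ">" in body


# Constructed sample inputs: two ordinary names and two that try to carry markup.
SAMPLE_INPUTS = [
    "alice_01",
    "bob.smith",
    "<b>bold</b>",
    '" onmouseover="x',
]


def demo() -> dict:
    """Run every sample through validation and encoding; return the results."""
    results = {}
    for value in SAMPLE_INPUTS:
        rendered = render_greeting(value)
        results[value] = {
            "valid_username": validate_username(value),
            "rendered": rendered,
            "markup_leaked": contains_raw_markup(rendered, value),
        }
    return results


if __name__ == "__main__":
    for value, info in demo().items():
        print(repr(value), info)
```

The contrast with the LLM case is the first function: a strict allow-list exists because the developer knows what a username looks like, whereas a free-form prompt has no equivalent shape to validate against, so only the encoding half of the pattern carries over.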

Yes, I agree, but 'being smart' is something that needs to be developed. XSS still exists and is used as an attack method, but for the majority of users, it doesn't represent a significant problem since developers typically follow best practices. These best practices are a compendium of knowledge and experience. I believe the same will happen with LLMs, even though it currently seems difficult and 'impossible' to solve. Common prompt injection patterns and methodologies could be mitigated. We will, of course, have more sophisticated attacks, but that also makes them more expensive since they would need to be highly personalized and subtle to bypass guardrails or whatever security methods we have in the future. However, this is just about prompt injection and not other LLM-based attacks, such as impersonation, etc. In summary, we are still in the early

You’re more optimistic than I am 🤣 You wouldn’t believe the number of completely ridiculous XSS bugs that actually exist in production applications. Most devs are clueless about how to write secure code, even if the information is out there.

Hahaha, I mean, I'm optimistic in that I'll be able to mitigate these vectors. Regular people are cooked.

People who mostly use nostr apps are using better auth than normies, also. JWT is equivalent, but almost none of the big sites use it except devs and infra stuff. This puts us clear out front, ahead of this kind of stuff. And devs who understand that you must use PKI for auth also tend to know the attack vectors. So we don't tend to use vulnerable stuff like HTML, and some, at least, understand that zapping is the answer to the problem of advertising, which is often an attack vector in normieweb. Plain text, asymmetric cryptography and not using cloud LLMs.

Shit is gonna get really freakish for normies with LLMs in the mix. They are all gonna get fleeced and a few will actually get some schooling. Since normies are too busy in the rat race, I personally only care about the ones who are open to a schooling.

Totally agree 🤝

It’s like trying to tell a many-faced die it should show certain values.