Is there no way to tell an LLM that a given block of text should be considered data and not instructions?
anentropic 6 days ago [-]
But you're asking it to 'read' the data and return some output based on the content of the data, you inherently want the content of the data to influence the output.
So whoever controls the data can influence the output.
You want it to respond to salient features in the data, but not to instructions in the data. But you also want it to follow your instructions. It's the same LLM.
simonw 6 days ago [-]
Not with 100% reliability. If there was then prompt injection wouldn't be a problem.
Rendered at 15:48:32 GMT+0000 (Coordinated Universal Time) with Vercel.
So whoever controls the data can influence the output.
You want it to respond to salient features in the data, but not to instructions in the data. But you also want it to follow your instructions. It's the same LLM.