Agree with other comments here - no need for the user to engage with anything from the malicious email, only to continue using their account with some LLM interactions. The account is poisoned even for known safe self initiated interactions.

I've shared a repo here with deterministic, policy driven routing of user inputs so as to operate with it without influencing agent decisions (though it's up to tool calls to take precautions with what they return) https://github.com/its-emile/memory-safe-agent The teams at owasp are great, join us !

This is a valuable thread to pull thank you: how about differentiating targeted, sticky advertising vs context based advertising. On my local paper website, I value being shown local stuff (to your point on small business). On security websites, show me security products. On HN, Show me tech and science.

The ADD incidence rate being 10x for adults since 2005 (not to even mention kids), we'd all appreciate relevance to what we're exploring/thinking about/learning, rather than the genuine nuisance of nagging for something out of context because we're tracked all around the web.

I feel for your pain, and I'm interested in paths that overcome the collapse of trust we're going through. I think your question matters a lot, to reach solutions all of us need (and not quit until we find a positive one)

I think your idea has already worked for some companies to filter out AI applications, why not try? Especially in a font color identical to the background. You can also scaffold your way to generate questions that get the worst LLM performance, while still being very clear to understand, one side validating the clarity and theoretical tractability for the age, and one side actually solving it. Actor and two critics maybe. I have a container somewhere to create and use this kind of chain visually, could put it on GitHub but I'm sure there are dozens already

I'm hiring, and discussions of how we want to respond to engineer candidates who get stuck are interesting. I'm personally more interested in their collaboration (wildcard) than their chat-fu (assumed at this point). So my advice to people reading this with interviews in the next year (or next week) is to consider getting off the screen and solving something with a person. We will all get plenty of self-solving time, but it helps if you can show that you can explain yourself during rapid fire situations involving others, or to bring them along with your plan, or building an unfamiliar plan B with others when two AZ are down in us-east-1 and noone planned for XYZ to be unavailable (eg something that the LLM site depended on) Not that I'm certain it'll happen, but I think calculators (to go back to this story) were more reliable than anything we've typed into the past month, and for me that includes their batteries.

I'd love to get a look at your implementation, this sounds brilliant. What do you feel for you through the challenges? More porting, or navigating the core?

In the UI the reasoning is visible. The API can probably return it too, just check the code

functions work fairly well for that https://platform.openai.com/docs/guides/function-calling