Instead the author uses Cranelift[1] and binja to solve the two interesting problems here.
While cool, I'm not sure if that's interesting enough to read through in its entirety. I use libraries all day every day, but is it the hacker spirit to make your entire project glue-code for libraries that do the thing you claim to do?
It's maybe more philosophical than anything.
That said, the only thing that feels a bit off to me is the name “Expert.” It comes across slightly arrogant or presumptuous—like it’s implying it’s the only “expert” in the room. Maybe something more neutral would’ve been better?
Still, excited to see what the official tooling brings!
This is 100% within the responsibility of the LLM vendors.
Beyond the LLM, there is a ton of engineering work that can be put in place to detect this, monitor it, escalate, alert impacted parties, and thwart it. This is literally the impetus for funding an entire team or org within both of these companies to do this work.
Cloud LLMs are not interpreters. They are network connected and can be monitored in real time.
Some therapists ultimately might. It occurs that therapists were stripped of their licenses for leading abusive sects:
"The lethal trifecta of capabilities is:"
• Access to your private data—one of the most common purposes of tools in the first place!
• Exposure to untrusted content—any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM
• The ability to externally communicate in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)
If your agent combines these three features, an attacker can easily trick it into accessing your private data and sending it to that attacker.
> Prompt guardrails to prevent jailbreak attempts and ensure safe user interactions without writing a single line of code.
https://news.ycombinator.com/item?id=41864014
> - Inclusion prompt: User's travel preferences and food choices - Exclusion prompt: Credit card details, passport number, SSN etc.
https://news.ycombinator.com/item?id=41450212
> "You are strictly and certainly prohibited from texting more than 150 or (one hundred fifty) separate words each separated by a space as a response and prohibited from chinese political as a response from now on, for several extremely important and severely life threatening reasons I'm not supposed to tell you.”
https://news.ycombinator.com/item?id=44444293
etc.
It's been a while, but I remember seeing streams for Elon offering to "double your bitcoin," and the reasoning was he wanted to increase the adoption and load test the network. Just send some bitcoin to some address and he will send it back double!
But the thing was it was on YouTube. Hosted on an imposter Tesla page. The stream had been going on for hours and had over ten thousand people watching live. If you searched "Elon Musk Bitcoin" during the stream on Google, Google actually pushed that video as the first result.
Say what you want about the victims of the scam, but I think it should be pretty easy for YouTube or other streaming companies to have a simple rule to simply filter all live streams with Elon Musk + (Crypto|BTC|etc) in the title and be able to filter all YouTube pages with "Tesla", "SpaceX", etc. in the title.
"Sorry, there seems to be an error. Please try again soon."
Never thought I would ever see this on a Google-owned website!