Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Maybe I'm missing something because I really haven't studied this issue much at all, but would it not be possible to designate some new character as "START_ROLE_TAG" and "END_ROLE_TAG", and then to strip those in any data put into tool responses?

They did that - the malicious input can be in any tag, but the LLM determines the role from the style of speaking, not the tag.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: