Pretty lite reading. I was expecting some actual useful things beyond secure your system 101. Closest we got was check for jailbreak attacks… seriously? Why not design with jailbreak in mind so it doesn’t matter what they can get the AI to attempt to do. I.e., if the user tries to get the AI to unlock a door, if the user doesn’t already have authorization for that function then it shouldn’t work even if the AI attempts it on their behalf, and conversely, if they have the authorization then who cares if they coaxed the AI to do it for them?
This is exactly the advice I give my customers - treat the LLM as an untrusted entity. Implement authentication and authorization at the data access and API layer and ensure there is a secure side channel to communicate identity information to backend resources.
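The pattern both comments describe, as an added example that is not code from either commenter: the LLM's tool call is treated as untrusted JSON, the caller's identity arrives over a separate HMAC-signed token minted by the auth layer (the "side channel"), and the tool dispatcher authorizes against that verified identity only. Tool names, permission strings, the `SIDE_CHANNEL_KEY` and the token format are all assumptions made up for this illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Assumed: a key shared by the authentication layer and the tool backend.
# Hard-coded only so the example runs stand-alone; use a secrets store in practice.
SIDE_CHANNEL_KEY = b"example-key-do-not-use-in-production"


@dataclass(frozen=True)
class Principal:
    """Identity established by the auth layer, never by the model."""
    subject: str
    permissions: frozenset


def mint_identity_token(subject: str, permissions) -> str:
    """Auth-layer side of the side channel: bind subject + permissions under an HMAC."""
    payload = json.dumps(
        {"sub": subject, "perms": sorted(permissions)}, separators=(",", ":")
    ).encode()
    mac = hmac.new(SIDE_CHANNEL_KEY, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + mac


def verify_identity_token(token: str) -> Principal:
    """Backend side: accept only tokens signed by the auth layer."""
    try:
        payload_hex, mac = token.split(".", 1)
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        raise PermissionError("malformed identity token")
    expected = hmac.new(SIDE_CHANNEL_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("identity token failed verification")
    claims = json.loads(payload)
    return Principal(claims["sub"], frozenset(claims["perms"]))


# --- hypothetical tools the model may ask for --------------------------------
def unlock_door(door_id: str) -> str:
    return f"door {door_id} unlocked"


def read_schedule(day: str) -> str:
    return f"schedule for {day}: 09:00 standup"


# name -> (callable, permission required, declared parameter names).
# Identity is deliberately not a parameter of any tool.
TOOL_REGISTRY = {
    "unlock_door": (unlock_door, "door:unlock", {"door_id"}),
    "read_schedule": (read_schedule, "schedule:read", {"day"}),
}


def execute_tool_call(identity_token: str, model_output: str) -> dict:
    """Dispatch an LLM-proposed tool call, authorizing against the side-channel identity."""
    principal = verify_identity_token(identity_token)  # raises on tampering

    # The model's output is untrusted input: parse defensively.
    try:
        call = json.loads(model_output)
        name = call["tool"]
        args = dict(call.get("args", {}))
    except (KeyError, TypeError, ValueError):
        return {"ok": False, "error": "malformed tool call"}

    if not isinstance(name, str) or name not in TOOL_REGISTRY:
        return {"ok": False, "error": f"unknown tool {name!r}"}
    fn, required_perm, declared_params = TOOL_REGISTRY[name]

    # Authorization uses the verified principal only; anything the model
    # claims about who the user is (e.g. an "as_user" argument) is ignored.
    if required_perm not in principal.permissions:
        return {"ok": False, "error": f"{principal.subject} lacks {required_perm}"}

    # Exactly the declared parameters reach the tool, so smuggled
    # identity/role fields cannot influence what runs.
    if set(args) != declared_params:
        return {
            "ok": False,
            "error": f"expected arguments {sorted(declared_params)}, got {sorted(args)}",
        }

    return {"ok": True, "result": fn(**args)}


if __name__ == "__main__":
    # Constructed scenario: a coaxed model tries to unlock a door "as admin".
    jailbroken = '{"tool": "unlock_door", "args": {"door_id": "7", "as_user": "admin"}}'
    visitor = mint_identity_token("visitor-42", set())
    guard = mint_identity_token("guard-7", {"door:unlock"})
    print(execute_tool_call(visitor, jailbroken))   # denied: no door:unlock
    print(execute_tool_call(guard, '{"tool": "unlock_door", "args": {"door_id": "7"}}'))
```

Because the permission check reads only `principal`, the visitor's request fails no matter what the model was talked into emitting, and the guard's request succeeds whether or not the model was coaxed, which is the point of the first comment. Checking the model output for jailbreak phrasing is not on the path at all.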