Compete in HackAPrompt 2.0, the world's largest AI Red-Teaming competition!

Check it out โ†’
learnprompting logo
Sitting astronautLearn Prompting
Prompt Engineering Guide
๐Ÿ˜ƒ Basics
๐Ÿ’ผ Applications
๐Ÿง™โ€โ™‚๏ธ Intermediate
๐Ÿค– ะะณะตะฝั‚ั‹
โš–๏ธ Reliability
๐Ÿ–ผ๏ธ Image Prompting
๐Ÿ”“ Prompt Hacking
๐Ÿ”จ Tooling
๐Ÿ’ช Prompt Tuning
๐ŸŽฒ Miscellaneous
๐Ÿ“š Bibliography
Resources
๐Ÿ“ฆ Prompted Products
๐Ÿ›ธ Additional Resources
๐Ÿ”ฅ Hot Topics
โœจ Credits
๐Ÿ”“ Prompt Hacking๐ŸŸข Defensive Measures๐ŸŸข Other Approaches

Other Approaches

๐ŸŸข This article is rated easy
Reading Time: 1 minute
Last updated on August 7, 2024

Sander Schulhoff

Although the previous approaches can be very robust, a few other approaches, such as using a different model, including fine tuning, soft prompting, and length restrictions, can also be effective.

Using a Different Model

More modern models such as GPT-4 are more robust against prompt injection. Additionally, non-instruction tuned models may be difficult to prompt inject.

Fine Tuning

Fine tuning the model is a highly effective defense, since at inference time there is no prompt involved, except the user input. This is likely the preferable defense in any high value situation, since it is so robust. However, it requires a large amount of data and may be costly, which is why this defense is not frequently implemented.

Soft Prompting

Soft prompting might also be effective, since it does not have a clearly defined discrete prompt (other than user input). Soft prompting effectively requires fine tuning, so it has many of the same benefits, but it will likely be cheaper. However, soft prompting is not as well studied as fine tuning, so it is unclear how effective it is.

Length Restrictions

Finally, including length restrictions on user input or limiting the length of chatbot coversations as Bing does can prevent some attacks such as huge DAN-style prompts or virtualization attacks respectively.

Sander Schulhoff

Sander Schulhoff is the CEO of HackAPrompt and Learn Prompting. He created the first Prompt Engineering guide on the internet, two months before ChatGPT was released, which has taught 3 million people how to prompt ChatGPT. He also partnered with OpenAI to run the first AI Red Teaming competition, HackAPrompt, which was 2x larger than the White House's subsequent AI Red Teaming competition. Today, HackAPrompt partners with the Frontier AI labs to produce research that makes their models more secure. Sander's background is in Natural Language Processing and deep reinforcement learning. He recently led the team behind The Prompt Report, the most comprehensive study of prompt engineering ever done. This 76-page survey, co-authored with OpenAI, Microsoft, Google, Princeton, Stanford, and other leading institutions, analyzed 1,500+ academic papers and covered 200+ prompting techniques.

Footnotes

  1. Goodside, R. (2022). GPT-3 Prompt Injection Defenses. https://twitter.com/goodside/status/1578278974526222336?s=20&t=3UMZB7ntYhwAk3QLpKMAbw โ†ฉ

  2. Selvi, J. (2022). Exploring Prompt Injection Attacks. https://research.nccgroup.com/2022/12/05/exploring-prompt-injection-attacks/ โ†ฉ