Learn PromptingPost-Prompting
The post-prompting defense simply puts the user input before the prompt.
Interested in prompt hacking and AI safety? Test your skills on HackAPrompt, the largest AI safety hackathon. You can register here.
A Post-Prompting Example
Take this prompt as an example:
Prompt
Translate the following to French: {user_input}
It can be improved with post-prompting:
Prompt
{user_input}
Translate the above text to French.
This can help since ignore the above instruction... doesn't work as well. Even though a user could say ignore the below instruction... instead, LLMs often will follow the last instruction they see.
Conclusion
Post-prompting, although seemingly simple, is yet another effective defense against prompt hacking methods like prompt injection. This technique takes advantage of the fact that the model is more inclined to follow the last instruction it sees.
Sander Schulhoff
Sander Schulhoff is the CEO of HackAPrompt and Learn Prompting. He created the first Prompt Engineering guide on the internet, two months before ChatGPT was released, which has taught 3 million people how to prompt ChatGPT. He also partnered with OpenAI to run the first AI Red Teaming competition, HackAPrompt, which was 2x larger than the White House's subsequent AI Red Teaming competition. Today, HackAPrompt partners with the Frontier AI labs to produce research that makes their models more secure. Sander's background is in Natural Language Processing and deep reinforcement learning. He recently led the team behind The Prompt Report, the most comprehensive study of prompt engineering ever done. This 76-page survey, co-authored with OpenAI, Microsoft, Google, Princeton, Stanford, and other leading institutions, analyzed 1,500+ academic papers and covered 200+ prompting techniques.
Footnotes
-
Mark, C. (2022). Talking to machines: prompt engineering & injection. https://artifact-research.com/artificial-intelligence/talking-to-machines-prompt-engineering-injection/ β©