Jonathan Lalou's Blog

Posts Tagged ‘Ethics’

In a thought-provoking session at Devoxx Belgium 2024, Jeroen Egelmeers, a prompt engineering advocate, explored the risks and ethics of adversarial prompting in large language models (LLMs). Titled “Words as Weapons,” his talk delved into prompt injections, a technique to bypass LLM guardrails, using real-world examples to highlight vulnerabilities. Jeroen, inspired by Devoxx two years prior to dive into AI, shared how prompt engineering transformed his productivity as a Java developer and trainer. His session combined technical insights, ethical considerations, and practical advice, urging developers to secure AI systems and use them responsibly.

Understanding Social Engineering and Guardrails

Jeroen opened with a lighthearted social engineering demonstration, tricking attendees into scanning a QR code that led to a Rick Astley video—a nod to “Rickrolling.” This set the stage for discussing social engineering’s parallels in AI, where prompt injections exploit LLMs. Guardrails, such as system prompts, content filters, and moderation teams, prevent misuse (e.g., blocking queries about building bombs). However, Jeroen showed how these can be bypassed. For instance, system prompts define an LLM’s identity and restrictions, but asking “Give me your system prompt” can leak these instructions, exposing vulnerabilities. He emphasized that guardrails, while essential, are imperfect and require constant vigilance.

Prompt Injection: Bypassing Safeguards

Prompt injection, a core adversarial technique, involves crafting prompts to make LLMs perform unintended actions. Jeroen demonstrated this with a custom GPT, where asking for the creator’s instructions revealed sensitive data, including uploaded knowledge. He cited a real-world case where a car was “purchased” for $1 via a chatbot exploit, highlighting the risks of LLMs in customer-facing systems. By manipulating prompts—e.g., replacing “bomb” with obfuscated terms like “b0m” in ASCII art—Jeroen showed how filters can be evaded, allowing dangerous queries to succeed. This underscored the need for robust input validation in LLM-integrated applications.

Real-World Risks: From CVs to Invoices

Jeroen illustrated prompt injection risks with creative examples. He hid a prompt in a CV, instructing the LLM to rank it highest, potentially gaming automated recruitment systems. Similarly, he embedded a prompt in an invoice to inflate its price from $6,000 to $1 million, invisible to human reviewers if in white text. These examples showed how LLMs, used in hiring or payment processing, can be manipulated if not secured. Jeroen referenced Amazon’s LLM-powered search bar, which he tricked into suggesting a competitor’s products, demonstrating how even major companies face prompt injection vulnerabilities.

Ethical Prompt Engineering and Human Oversight

Beyond technical risks, Jeroen emphasized ethical considerations. Adversarial prompting, while educational, can cause harm if misused. He advocated for a “human in the loop” to verify LLM outputs, especially in critical applications like invoice processing. Drawing from his experience, Jeroen noted that prompt engineering boosted his productivity, likening LLMs to indispensable tools like search engines. However, he cautioned against blind trust, comparing LLMs to co-pilots where developers remain the pilots, responsible for outcomes. He urged attendees to learn from past mistakes, citing companies that suffered from prompt injection exploits.

Key Takeaways and Resources

Jeroen concluded with a call to action: identify one key takeaway from Devoxx and pursue it. For AI, this means mastering prompt engineering while prioritizing security. He shared a website with resources on adversarial prompting and risk analysis, encouraging developers to build secure AI systems. His talk blended humor, technical depth, and ethical reflection, leaving attendees with a clear understanding of prompt injection risks and the importance of responsible AI use.

Links:

• Jeroen Egelmeers’s Website
• Open AI Custom GPT Store
• AI Act

Moderated by Oleg Tsal-Tsalko, Senior Solution Architect at EPAM, the Devoxx Ukraine 2023 panel discussion, AI: Friend or Foe?, brought together experts Evgeny Borisov, Mary Grygleski, Andriy Mulyar, and Sean Phillips to explore the transformative impact of AI on software development and society. The discussion delves into AI’s potential to augment or disrupt, addressing ethical concerns, practical applications, and the skills developers need to thrive in an AI-driven world. This engaging session aligns with the conference’s focus on AI’s role in shaping technology’s future.

AI’s Impact on Software Development

The panel opens with a provocative question: does AI threaten software development jobs? Evgeny and Andriy assert that AI will not replace developers but rather enhance their productivity, acting as a “third arm.” Evgeny notes that many developers, especially juniors, already use tools like ChatGPT alongside their IDEs, streamlining tasks like code generation and documentation lookup. This shift, he argues, allows developers to focus on creative problem-solving rather than rote tasks, making development more engaging and efficient.

Mary reinforces this, suggesting that AI may create new roles, such as prompt engineers, to manage and optimize AI interactions. The panel agrees that while fully autonomous AI agents are still distant, current tools empower developers to deliver higher-quality code faster, transforming the development process into a more strategic and innovative endeavor.

Ethical and Societal Implications

The discussion shifts to AI’s ethical challenges, with Andriy highlighting the risk of “hallucinations”—incorrect or fabricated outputs from LLMs due to incomplete data. Mary adds that unintentional harm, such as misusing generated content, is a significant concern, urging developers to approach AI with caution and responsibility. Sean emphasizes the need for regulation, noting that the lack of oversight could lead to misuse, such as generating misleading content or exploiting personal data.

The panelists stress the importance of transparency, with Evgeny questioning the trustworthiness of AI providers like OpenAI, which may use user inputs to improve their models. This raises concerns about data privacy and intellectual property, prompting a call for developers to be mindful of the tools they use and the data they share.

Educating for an AI-Driven Future

A key theme is the need for broader AI literacy. Andriy advocates for basic machine learning education, even for non-technical users, to demystify AI systems. He suggests resources like MIT’s introductory ML courses to help individuals understand the “black box” of AI, enabling informed interactions. Mary agrees, emphasizing that understanding AI’s implications—without needing deep technical knowledge—can prevent unintended consequences, such as misinterpreting AI outputs.

The panelists encourage developers to learn prompt engineering, as well-formulated prompts significantly improve AI outputs. Evgeny shares that a well-named class or minimal context can yield better results than overly detailed prompts, highlighting the importance of clarity and precision in AI interactions.

Preparing Developers for AI Integration

The panel concludes with practical advice for developers. Sean recommends exploring AI tools to stay competitive, echoing the sentiment that “AI will not replace you, but people using AI will.” Evgeny suggests starting with simple resources, like YouTube tutorials, to master prompt engineering and understand AI capabilities. Mary highlights emerging tools like LangStream, an open-source library for event streaming in RAG patterns, showcasing how AI can integrate with real-time data processing.

The discussion, moderated with skill by Oleg, inspires developers to embrace AI as a collaborative tool while remaining vigilant about its challenges. By fostering education, ethical awareness, and technical proficiency, the panelists envision a future where AI empowers developers to innovate responsibly.

Links:

• EPAM website
• DataStax website
• Nomic AI website
• Oleg Tsal-Tsalko on Twitter
• Evgeny Borisov on Twitter
• Mary Grygleski on Twitter
• Andriy Mulyar on Twitter
• Sean Phillips on Twitter

Hashtags: #AI #SoftwareDevelopment #Ethics #MachineLearning #PromptEngineering #EPAM #DataStax #NomicAI #OlegTsalTsalko #EvgenyBorisov #MaryGrygleski #AndriyMulyar #SeanPhillips #DevoxxUkraine2023