Can someone help me understand why classic sanitizing is not used as a solved problem to prompt injection? All these tags, patterns, etc, feel like prime for a parser rule, but maybe I am thinking too abstract here and missing an obvious knowledge gap I have on LLMs
vova_hn2 1 day ago|
Role tags are not actual symbols "<system>", they are special tokens that do not correspond to any normal text. So you can't really inject a role tag, that is not the actual problem.
hmokiguess 5 hours ago||
as in this stuff happens at the tokenizer / internal representation layer? sorry can you help me understand why can't we sanitize it?