I wonder if you can coerce llm email autoresponders into revealing api keys or summat.

@munin Generally the tool calls are totally isolated from the text context so it's pretty unlikely. Then again if they use RAG yoy might be able to get it to fetch sensitive data if it exists in a connected database

@mauve

well that's the thing - if they've hooked it up to have access to the email corpus in order to generate replies, that means the training data's potentially got some interesting shit in it.

Follow

@munin Yeah that'd be neat. I think there's a bunch if research out there to craft prompts to extract raw data. Personally I'd use an off the shelf model like phi3 with just a bit of prompting to save on costs 😅 Then again scammerd probably have enough resources for going all out.

Sign in to participate in the conversation
Mauvestodon

Escape ship from centralized social media run by Mauve.