brypto

I’m now convinced if you need to run an LLM agent in a decentralized setup to control a large treasury, you can’t prevent griding to find a cooked prompt.

Andrew miller pointed out single TEE works but if we can’t allow that, then I don’t see a viable solution.

I’m not sure how you could prevent grinding a decentralized AI model.

if you run a deterministic model in consensus, the state has to be public (nodes have to be able to enter and exit the network), you can always grind a prompt outside of the protocol.

How do you prevent this…

EulerLagrange.eth - bank/acc (Hersh)

I’m now convinced if you need to run an LLM agent in a decentralized setup to control a large treasury, you can’t prevent griding to find a cooked prompt.

Andrew miller pointed out single TEE works but if we can’t allow that, then I don’t see a viable solution.

https://x.com/euler__lagrange/status/1873833137551069467?s=46

Working on building zkTLS infra/products. A ruthless empiricist and meme connoisseur.

/opacity
/eulerlagrange

can’t allow it? wdym

decentralized setup aside— ai control system security is largely a social engineering (red team) problem.. the premise of a cooked prompt usually assumes some basics such as one prompt will successfully manipulate all control systems… 

i think the solution is simple like sanitizing for sql injection.. now reliably updating the core prompts and the rest of autonomy? very hard

oh i see, yes cassie made the tee seem not very serious as an approach to permissionless agency for me.

however i also was only seeing tee to the extent of: call openai with a know prompt in a “secure” environment.. can one run llama?

People want to use agents to control giant treasuries.

If the amount in the treasury exceeds cost to break a TEE then we have an issue, no?