1/🔒Worried about giving your agent advanced capabilities due to prompt injection risks and rogue actions? Worry no more! Here's CaMeL: a robust defense against prompt injection attacks in LLM agents that provides formal security guarantees without modifying the underlying model!

My first paper from @AnthropicAI! We show that the number of samples needed to backdoor an LLM stays constant as models scale.

Really excited about CaMeL being featured in the @stateofaireport! If you like CaMeL, you should definitely look into what @iliaishacked is building at @aisequrity!

This deserves more visibility. This is nuts

I have no clue how this works but it would be so funny if instead of bribing one could just prompt inject

Anthropic is transparent and highlights prompt injection prominently as a major problem. But why call it a "safety" challenge, when it's a security threat! Safety = resilient to accidents. Security = resilient to attackers! Big difference!

This LLM-powered malware seems to validate a bunch of the use-cases we had predicted a few months ago: https://t.co/LTE7UE9iMS (Which of course reviewers criticized as being impractical and unrealistic)

Why is no one talking about this? This is why I don't use an AI browser You can literally get prompt injected and your bank account drained by doomscrolling on reddit:

Maksym is a great researcher and a great mentor. If you're looking for a PhD program in the upcoming season, you should definitely apply to join his new lab!

📢Happy to share that I'll join ELLIS Institute Tübingen (@ELLISInst_Tue) and the Max-Planck Institute for Intelligent Systems (@MPI_IS) as a Principal Investigator this Fall! I am hiring for AI safety PhD and postdoc positions! More information here: https://t.co/ZMCYXeC2fp

Excited to start as a Research Scientist Intern at Meta, in the GenAI Red Team, where I will keep working on AI agents security. I'll be based in the Bay Area, so reach out if you're around and wanna chat about AI security!

This is huge for anyone building security systems for AI

This is very exciting! The one thing I really missed from the CaMeL paper was example code implementing the pattern, now here it is

We recently updated the CaMeL paper, with results on new models (which improve utility a lot with zero changes!). Most importantly, we released code with it. Go have a look if you're curious to find out more details! Paper: https://t.co/6muay8vPeC Code:

"Design Patterns for Securing LLM Agents against Prompt Injections" is an excellent new paper that provides six design patterns to help protect LLM tool-using systems (call them "agents" if you like) against prompt injection attacks

Our new @GoogleDeepMind paper, "Lessons from Defending Gemini Against Indirect Prompt Injections," details our framework for evaluating and improving robustness to prompt injection attacks.

why was it `claude-3*-sonnet` , but then it suddenly became `claude-sonnet-4`

Following on @karpathy's vision of software 2.0, we've been thinking about *malware 2.0*: malicious programs augmented with LLMs. In a new paper, we study malware 2.0 from one particular angle: how could LLMs change the way in which hackers monetize exploits?

Anthropic is really lucky to get @javirandor, we'll miss him at SPY Lab!

AutoAdvExBench was accepted as a spotlight at ICML. We agree it is a great paper! 😋 I would love to see more evaluations of LLMs performing real-world tasks with security implications.

The Jailbreak Tax got a Spotlight award @icmlconf see you in Vancouver!