AAISM · Question #200
When robust input controls cannot prevent prompt injections in an LLM, what is the BEST compensating control?
The correct answer is D. Review and annotate the AI system's outputs. When input-side defenses fail to stop prompt injection, output review becomes the critical last line of defense. Reviewing and annotating outputs intercepts harmful, misleading, or unauthorized content before it reaches end users, limiting the damage from a successful injection.
Question
When robust input controls cannot prevent prompt injections in an LLM, what is the BEST compensating control?
Options
- AFine-tune the system to validate inputs
- BImplement identity and access management (IAM)
- CConduct human reviews of AI system inputs
- DReview and annotate the AI system's outputs
How the community answered
(26 responses)- A8% (2)
- B8% (2)
- C27% (7)
- D58% (15)
Explanation
When input-side defenses fail to stop prompt injection, output review becomes the critical last line of defense. Reviewing and annotating outputs intercepts harmful, misleading, or unauthorized content before it reaches end users, limiting the damage from a successful injection. Fine-tuning for input validation (A) is still an input-side control - the same layer that already failed. IAM (B) governs who can access the system but does not filter malicious content. Human review of inputs (C) is resource-intensive and would have been part of the input controls that already failed. Output review catches the actual harm regardless of how the injection entered.
Topics
Community Discussion
No community discussion yet for this question.