Signature constrains

Task signature is minimal. Extra instructions from attacker don't fit. Constrained scope + more resistant.

Advertisement

Bootstrapping examples

Compiler picks good examples from eval data. Reinforce correct behavior patterns. Injection resistance improves.

Advertisement

Optimizer runs adversarial

Include adversarial cases in compilation set. Optimizer produces prompt resilient to those.

Not a silver bullet

Still susceptible to novel injection. Combine with input filter + output check.