Signature constrains
Task signature is minimal. Extra instructions from attacker don't fit. Constrained scope + more resistant.
Advertisement
Bootstrapping examples
Compiler picks good examples from eval data. Reinforce correct behavior patterns. Injection resistance improves.
Advertisement
Optimizer runs adversarial
Include adversarial cases in compilation set. Optimizer produces prompt resilient to those.
Not a silver bullet
Still susceptible to novel injection. Combine with input filter + output check.