LOGBOOK

HELP

Quiz Entry - updated: 2026.07.01

Why is defending LLMs described as a "cat-and-mouse game," and what defense strategy follows from that?

Adversarial prompts evolve faster than defenses, and no statistical model can give logical guarantees about adversarial inputs — so you fall back on defense-in-depth: architecture, detection, and response.

The hard truth: adversarial prompts evolve constantly, new bypasses emerge faster than defenses ship, and — fundamentally — no statistical model can provide logical guarantees about adversarial inputs. There is no "patch" that ends prompt injection.

So the realistic strategy is defense in depth across three pillars:

  • Architecture — minimize the attack surface: minimize sensitive context, least-privilege capabilities, isolate untrusted data, enforce structure.
  • Detection — layer multiple mechanisms: input screening, output monitoring / structural validation, behavioral analysis, red teaming.
  • Response — user accountability, human-in-the-loop escalation, rate limiting, automated circuit breakers.

Real deployments (OpenAI, Anthropic) use multiple protection layers and improve over time — but no deployed system offers complete protection yet.

Tip: Accept you can't prevent injection; design so that a successful injection can't do much damage (least privilege, isolation) and gets caught and attributed (detection, accountability).

From Quiz: PRIVACY / Privacy in AI & ML — Differential Privacy, Synthetic Data & LLM Security | Updated: Jul 01, 2026