A longer-term idea to minimize prompt injection:

npub1zthq85gksjsjthv8h6rec2qeqs2mu0emrm9xknkhgw7hfl7csrnq6wxm56
hex
ced9467c0103aa130927d51e36b3abd6a9ec955b446e6281c7b80a4b36fafa98
nevent
nevent1qqsvak2x0sqs82snpyna283kkw4ad20vj4d5gmnzs8rmszjtxma04xqprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsp9msr6ytgfgf9mkrmapuu9qvsg9d78ua3ajntfmt580t5llvgpesavdqlx
Kind-1 (TextNote)
A longer-term idea to minimize prompt injection:
Hopefully, the future will be all open models and they'll all be running on commodity server farms (using something like nostr:nprofile1qqsgha3fk023ng8c4quszdayghqwkt6l9d9ga4c3280gnqz3aqqx7ycpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcprpmhxue69uhhyetvv9ujuun0w468xarj9e3k7mf0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj79xgs7e to buy and sell)
I know there is randomness when predicting tokens, but we should make it deterministic, i.e. pseudorandom.
Each server should sign every response. We should send a small fraction of our requests to two servers simultaneously.
If two servers give a different response to the same request, then it's likely one has cheated. With the signatures, we can then prove which server farm misled us.
I guess this is a bit complex, but it's a fun problem to think about.
nostr:nevent1qqsrd58m3xj995pxsu39mrsjzw927npa9vxyhw4zw2hwf9mjklz3kcgpr9mhxue69uhhyetvv9ujumn0wd68ymtpwqhxuet59upzq8n8mcm4g9csw8fulx6ykmj5d0v5l59zeglmfkamrvz5dpwfz9hyqvzqqqqqqygrefya
Raw JSON
{
"kind": 1,
"id": "ced9467c0103aa130927d51e36b3abd6a9ec955b446e6281c7b80a4b36fafa98",
"pubkey": "12ee03d11684a125dd87be879c28190415be3f3b1eca6b4ed743bd74ffd880e6",
"created_at": 1781302737,
"tags": [
[
"alt",
"A short note: A longer-term idea to minimize prompt injection:\n\n..."
],
[
"p",
"8bf629b3d519a0f8a8390137a445c0eb2f5f2b4a8ed71151de898051e8006f13",
"wss://relay.primal.net/"
],
[
"p",
"1e67de3754171071d3cf9b44b6e546bd94fd0a2ca3fb4dbbb1b054685c9116e4",
"wss://relay.damus.io/"
],
[
"zap",
"1e67de3754171071d3cf9b44b6e546bd94fd0a2ca3fb4dbbb1b054685c9116e4",
"wss://relay.damus.io/",
"0.9"
],
[
"zap",
"12ee03d11684a125dd87be879c28190415be3f3b1eca6b4ed743bd74ffd880e6",
"wss://nos.lol/",
"0.1"
],
[
"client",
"Amethyst"
]
],
"content": "A longer-term idea to minimize prompt injection:\n\nHopefully, the future will be all open models and they'll all be running on commodity server farms (using something like nostr:nprofile1qqsgha3fk023ng8c4quszdayghqwkt6l9d9ga4c3280gnqz3aqqx7ycpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcprpmhxue69uhhyetvv9ujuun0w468xarj9e3k7mf0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj79xgs7e to buy and sell)\n\nI know there is randomness when predicting tokens, but we should make it deterministic, i.e. pseudorandom\n\nEach server should sign every response. We should send a small fraction of our requests to two servers simultaneously.\n\nIf two servers give a different response to the same request, then it's likely one has cheated. With the signatures, we can then prove which server farm misled us\n\nI guess this is a bit complex, but it's a fun problem to think about\n\nnostr:nevent1qqsrd58m3xj995pxsu39mrsjzw927npa9vxyhw4zw2hwf9mjklz3kcgpr9mhxue69uhhyetvv9ujumn0wd68ymtpwqhxuet59upzq8n8mcm4g9csw8fulx6ykmj5d0v5l59zeglmfkamrvz5dpwfz9hyqvzqqqqqqygrefya",
"sig": "f4ff603b2c3a2e741a04e325a590bb08a3364a6629135dcf857885815b611c0cf5331c6558dbac5033aa03a91b2b4eb1bb71637c09e9d328167395e865c92abd"
}
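The scheme the note sketches (deterministic inference, every farm signs its responses, a fraction of requests is duplicated to a second farm, disagreements are resolved with the signatures) as a worked example. This is added illustration code, not the note author's code and not Nostr's signing code. It assumes, beyond what the note says, that inference is a pure function of (model_id, seed, prompt), that each farm signs the request together with the output it returned, and that an auditor can re-run the open model. The signature is textbook Schnorr over secp256k1 written from scratch in stdlib Python; it is not the BIP-340 encoding Nostr events actually use, and none of it is production cryptography. The `Server` class, its `tamper` hook, `run_model`, the farm names and the request tuples are all hypothetical stand-ins.

```python
"""Signed, deterministic inference with spot-check duplication (added example,
not the note author's code). Assumed, not stated in the note: inference is a pure
function of (model_id, seed, prompt); each farm signs request + output; an auditor
can re-run the open model. Textbook Schnorr over secp256k1, NOT BIP-340, demo only."""
import hashlib
import json
import random

# secp256k1: field prime, group order, base point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, pt):
    """Double-and-add scalar multiplication; public key = point_mul(sk, G)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def _enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def _hash_mod_n(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def sign(sk, msg):
    """Schnorr (R || s) with a hash-derived nonce, so signing is deterministic."""
    k = _hash_mod_n(sk.to_bytes(32, "big"), msg)
    R = point_mul(k, G)
    e = _hash_mod_n(_enc(R), _enc(point_mul(sk, G)), msg)
    return _enc(R) + ((k + e * sk) % N).to_bytes(32, "big")

def verify(pk, msg, sig):
    R = (int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:64], "big"))
    s, e = int.from_bytes(sig[64:], "big"), _hash_mod_n(_enc(R), _enc(pk), msg)
    return point_mul(s, G) == point_add(R, point_mul(e, pk))  # s*G == R + e*pk

def run_model(model_id, seed, prompt):
    """Stand-in for seeded (pseudorandom, hence reproducible) inference."""
    d = hashlib.sha256(f"{model_id}|{seed}|{prompt}".encode()).hexdigest()
    return "answer-" + d[:12]

def _canonical(r):
    """Exact bytes a farm signs: the request it served plus the output it claims."""
    return json.dumps([r["model"], r["seed"], r["prompt"], r["output"]]).encode()

class Server:
    def __init__(self, name, sk, tamper=None):
        self.name, self.sk, self.pk = name, sk, point_mul(sk, G)
        self.tamper = tamper  # hypothetical: how a dishonest farm rewrites output

    def infer(self, model_id, seed, prompt):
        out = run_model(model_id, seed, prompt)
        r = {"server": self.name, "model": model_id, "seed": seed,
             "prompt": prompt, "output": self.tamper(out) if self.tamper else out}
        r["sig"] = sign(self.sk, _canonical(r)).hex()
        return r

def check_signed(r, pubkeys):
    """Client/auditor check that the named farm really said this; reject otherwise."""
    if not verify(pubkeys[r["server"]], _canonical(r), bytes.fromhex(r["sig"])):
        raise ValueError("unsigned or forged response from " + r["server"])
    return r

def spot_check(primary, others, pubkeys, requests, rate, rng=None):
    """Client: every request goes to `primary`; a fraction `rate` also goes to one
    of `others`. Returns (outputs, evidence); evidence = signed pairs that disagree."""
    rng, outputs, evidence = rng or random.Random(0), [], []
    for model_id, seed, prompt in requests:
        a = check_signed(primary.infer(model_id, seed, prompt), pubkeys)
        outputs.append(a["output"])
        if rng.random() < rate:
            b = check_signed(rng.choice(others).infer(model_id, seed, prompt), pubkeys)
            if a["output"] != b["output"]:
                evidence.append((a, b))
    return outputs, evidence

def attribute(evidence, pubkeys):
    """Auditor: a valid signature proves what each farm claimed; re-running the open
    model shows whose claim is wrong. Returns the set of farms caught lying."""
    culprits = set()
    for pair in evidence:
        for r in pair:
            check_signed(r, pubkeys)  # forged evidence proves nothing: reject it
            if r["output"] != run_model(r["model"], r["seed"], r["prompt"]):
                culprits.add(r["server"])
    return culprits
```

Two things worth noticing about the design. A signature on its own only proves what a farm said, not that it was wrong; it is the determinism assumption that lets the auditor recompute the expected output and pin the blame, and that assumption is the hard part in practice (pinned weights and quantisation, batch-invariant kernels, identical sampling code across farms). And the farm signs the request together with the output, not the output alone, so a signed answer to a different prompt cannot be replayed as evidence. Two colluding farms that return the same wrong answer defeat the spot check, which is why the duplicate should go to a farm chosen at random rather than a fixed partner.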