Can you decode the prompt of a model (which is supposed to be secret), by forcing the LLM to answer mulitple choice questions and using the options it chooses to deduce the prompt? For instance, the bias towards copying should help here.
If you are inspired by this idea, you can reach out to the authors for collaboration or cite it:
@misc{holtzman-llm-priming-as-2025,
author = {Holtzman, Ari},
title = {LLM Priming as a Side-channel},
year = {2025},
url = {https://hypogenic.ai/ideahub/idea/VszfqaHihicsGa1VK5eg}
}Please sign in to comment on this idea.
No comments yet. Be the first to share your thoughts!