[-] sweng@programming.dev 1 points 3 months ago

To avoid the death of millions of Russians and Ukrainians. I've answered multiple times.

So, now we agree that Russia could end the war immediately, regardless of what the west does, but chooses not to, leading to the death of millions of Russians and Ukrainians.

[-] sweng@programming.dev 1 points 3 months ago

You are avoiding my question. Can Russia end the war immediately, or do they need permission from the west? Yes or no. If you do not answer, I will just assume that you agree with me that Russia can end the war unilaterally, and Putin chooses not to (because he chooses not to, as "winning" is more important than millions of lives).

[-] sweng@programming.dev 1 points 5 months ago

The analogy works perfectly well. It does not matter how common it is. Patching binaries is very hard compared to e.g. LoRA. But it is still essentially the same thing, making a derivative work by modifying parts of the original.

[-] sweng@programming.dev 1 points 6 months ago

Obviously the 2nd LLM does not need to reveal the prompt. But you still need an exploit to make it both not recognize the prompt as being suspicious, AND not recognize the system prompt being in the output. Neither of those is trivial alone; in combination it is again an order of magnitude more difficult. And then the same exploit of course needs to actually trick the 1st LLM. That's one prompt that needs to succeed in exploiting 3 different things.

LLM literally just means "large language model". What are these supposed principles that underlie these models that cause them to be susceptible to the same exploits?

[-] sweng@programming.dev 1 points 6 months ago

Moving goalposts, you are the one who said even 1000x would not matter.

The second one does not run on the same principles, and the same exploits would not work against it, e.g. it does not accept user commands, it uses different training data, maybe a different architecture even.

You need a prompt that not only exploits two completely different models, but exploits them both at the same time. Claiming that is a 2x increase in difficulty is absurd.

[-] sweng@programming.dev 1 points 6 months ago

Oh please. If there is a new exploit now every 30 days or so, it would be every hundred years or so at 1000x.

[-] sweng@programming.dev 1 points 6 months ago

Ok, but now you have to craft a prompt for LLM 1 that

  1. Causes it to reveal the system prompt AND
  2. Outputs it in a format LLM 2 does not recognize AND
  3. The prompt is not recognized as suspicious by LLM 2.

Fulfilling all 3 is orders of magnitude harder than fulfilling just the first.

[-] sweng@programming.dev 1 points 10 months ago* (last edited 10 months ago)

any website can trivially configure their own firewall in the same way without CF.

How many websites can handle the amount of traffic that CF can handle? It's not just about configuring your firewall, it's about having the bandwidth. Otherwise it's not much of a DDoS protection.

I see CF keys.

As I don't have an account there I can't see which requests containing credentials use which cert.

And also, just because the cert is verified by cloudflare does not mean they have the private key.

[-] sweng@programming.dev 1 points 10 months ago* (last edited 10 months ago)

Without TLS termination Cloudflare is still useful for e.g. DDoS protection, and serving content that does not contain client information.

Caching client data globally using Cloudflare would be pretty pointless and help very little and probably even be harmful to performance, so them having the TLS key for it would absolutely not be worth it.

[-] sweng@programming.dev 1 points 10 months ago

I'm well aware that Cloudflare holds the TLS keys. I'm also well aware that that does not equal having access to credentials.

Banks certainly cannot outsource willy-nilly. Or well, I suppose they may in some jurisdictions, but the context here is Europe, where the banks actually are regulated.

[-] sweng@programming.dev 1 points 11 months ago

Surely you are not suggesting that Cloudflare has access to end user credentials? Why would you say that? Do you have any hint of proof that that is the case? It would be a massive no-no, and heads would roll. If you hate electronic banking, here is your chance to take them down.

[-] sweng@programming.dev 1 points 11 months ago

Be the change you want to see. The API is there. Go build that FOSS phone app.

sweng

joined 1 year ago