Core Viewpoint - Digital human live streaming is a hot concept in the current live e-commerce industry, with brands increasingly opting for cost-effective digital humans over real hosts, but there are significant vulnerabilities such as prompt injection attacks that can disrupt the process [1][3][14]. Group 1: Digital Human Live Streaming - Digital human hosts are being used by brands for live streaming sales due to their cost-effectiveness, operating 24/7 without the need for physical resources [14]. - The recent incident of a digital human host executing unrelated commands due to a prompt injection attack highlights the risks associated with this technology [3][17]. - The technology behind digital humans is often not well understood by the merchants using them, leading to potential security vulnerabilities [14][15]. Group 2: Prompt Injection Attacks - Prompt injection is a method where users can manipulate AI responses by issuing specific commands, as demonstrated when a digital human mistakenly responded to a non-relevant prompt [3][7]. - The inability of AI systems to distinguish between trusted developer commands and untrusted user inputs raises concerns about security and reliability [10]. - Previous incidents, such as attacks on ChatGPT and Microsoft Copilot, illustrate that prompt injection is a widespread issue affecting various AI applications [7][12]. Group 3: AI Security Measures - AI guardrails are necessary to ensure that AI systems operate within human expectations and do not generate harmful content or leak sensitive information [10][12]. - Current AI security measures are not fully equipped to handle the unique risks posed by AI models, particularly in the context of prompt injection attacks [10][12]. - Developers face the challenge of balancing AI performance and security, as overly stringent guardrails can hinder the AI's ability to generate high-quality responses [12][14].

Group 1 - A significant leak of Claude's system prompts occurred, revealing over 25,000 tokens, which has attracted considerable attention from the public and developers [1][2] - The leaked prompts include detailed instructions on Claude's role, interaction style, copyright and ethical constraints, content safety filtering, and tool selection strategies [2] - The ease of cracking AI system prompts has been demonstrated, with examples of individuals successfully extracting prompts from other AI models using simple techniques [3][5] Group 2 - The potential for AI system prompts to be protected as trade secrets is under discussion, particularly in light of the recent leak and the ease of access to such information [8] - The three characteristics of trade secrets—secrecy, confidentiality, and value—are analyzed in relation to AI system prompts, raising questions about their eligibility for protection [9][10][11] - A legal case involving OpenEvidence, a $1 billion AI healthcare platform, highlights the challenges of protecting system prompts as trade secrets, with allegations of unauthorized access and competition [13][14]