
Advanced Prompt Engineering for Cyber Security | Lawrence Home

BSides Sydney | 40:53 | 622 views | Published 2025-02
About this talk
This presentation provides a guide to advanced prompt engineering techniques for cyber security operations, focusing on leveraging generative AI and large language models like ChatGPT to enhance and automate various tasks. As organizations face mounting pressure due to vast volumes of data and increasingly sophisticated threats, AI emerges as a powerful solution to streamline, enhance, and analyze information more effectively. Beginning with an introduction to prompt engineering, the presentation explores techniques for crafting ideal prompts and potential pitfalls. Core concepts establish a foundation for constructing specialized prompts that tap the power of GenAI for threat analysis, incident response, and security enhancement. Specific methods covered include few-shot learning, Chain of Thought, Tree of Thought, ReAct, and automated reasoning to improve model capabilities on complex cyber security tasks. These techniques can be applied to automate or optimize various cyber security processes, including penetration testing, vulnerability assessments, risk assessment, and threat detection. Key benefits of mastering these techniques include enhancing skills in generating complex commands, writing code, and creating tools. Attendees will gain a clearer understanding of how to use advanced prompt engineering to enhance their daily work and expand their AI application across various domains. By the end, participants should gain confidence, acquire crucial knowledge, and develop adaptive strategies to stay ahead in the rapidly evolving cyber security field.

Morning everyone, welcome to BSides Sydney 2024. Uh, we're going to start off with our first, um, speaker here, Lawrence, to talk about generative AI and some, um, engineering and cyber security for AI. Uh, just a quick thing about the rooms and everything in this space: there's a couple of, um, green rooms back here. They're only for speakers, so don't go into those rooms. There's plenty of, um, uh, talks in this level, the next level up. Um, you can walk around most of those rooms. A couple of places that are off limits, they'll be well, um, shown and, um, call it on every floor, etc. That's it. Have fun, enjoy, and I'll, uh, pass it over to

Lawrence and, um, and let him go through this talk.

Enjoy. Thank you. Good morning everyone, thank you for being here. Before we dive in, I want to address something important about the scope of today's presentation. By the way, if I am not speaking, speaking clear enough for you, please let me know, don't be shy. You might have read the description that, that promises comprehensive coverage of advanced prompt engineering for cyber security operations. Let me explain to you: trying to do that in 40 minutes is going to do you a disservice, and why I have chosen the different approach. First of all, let us consider the, the famous saying: teach a person a, uh, give a person a fish, you feed, feed them a day; teach them how to fish,

you give them fish a lifetime. So the principle, of this particular principle, is very applicable to prompt engineering in cyber security. So if I try to talk about, give, in 40 minutes, give you specific prompts in every cyber security situations, essentially giving you a fish, it's going to cause some problems. Number one, AI evolves quickly; what I talk about today may be outdated very soon. Number two, you, it might not be applicable to your particular context or situation. And number three, you might not learn anything about how to create your own prompts for your own situations. So I want to, instead of giving you a catalog of prompts, I want to focus on building fundamental understanding,

giving you the skills to develop your own prompts. So let us be, let us begin. Let's start off with a beautiful woman's

picture. Okay, I want to be on the same, same, make sure everybody's on the same page. Prompt engineering is about asking AI chatbot like ChatGPT question or requests, and hopefully you get a good answer you're looking for. So one day I received SMS from a woman who looks like her. She asked to be my friend. So I have my doubts, so I asked ChatGPT for help, and this is a question. So I got this SMS from T. By the way, does anybody here not know whom T is? Okay, I assume everybody knows who she is. So I asked her, I asked GPT: she wants to be my friend, friend, I have never met her before, never talked to her

before, is she for real, or am I, have I found the one? And thankfully ChatGPT saved me from myself. It says most likely a scam. So this is very good use of ChatGPT. Oh, by, by the way, you, you guys who are late, you miss the good-looking woman part, so sorry man, next time show up on time, man. So why use ChatGPT? I'll give you a very good reason. You know, everybody wants to be, want to look smarter than they are. So there are three ways you can do that, three ways that, that I know of. Number one, you speak English with an English accent. Anybody who can speak English with an English

accent, if you are in America or you are, what, you going to be popular in America; they think the English accent is posh. Uh, you ask, you learn to ask better questions. And number three, of course, you learn to use ChatGPT, and when I say ChatGPT I'm talking about ChatGPT and his competitors. So these are the main competitors, and recently I found this website: you can actually ask one question and get a different answer from different models. So you have model A, model B, and you have, and you can compare which one is, is a better model for answering your question. So some questions I will try to answer today: limitations, challenges, why it is

important, why clear and precise instructions are important for prompt engineering, and arguments for learning, and why some people struggle with prompt engineering. In this, a summary I want you to take away from: AI is not an option, it's the future, you don't have a choice. The usefulness of ChatGPT is only up to your imagination. Remember: garbage in, garbage out. And of course do not ignore Google. And the difference between a basic prompt and advanced prompt is an academic paper, because every single advanced prompt I have come across all started with an academic paper, and they use magic words in their paper to prove, or to try to prove, that you, by using the magic words, you can get better

output from, from prompt engineering. Contents. So what we will not cover today: what is prompt engineering, we covered that second point earlier, what makes a great basic prompt, prompting framework, it's not your fault or is it your fault, some examples. So what we want to cover today, we're not going, going to cover all these concepts that have something to do with advanced prompt engineering. I only have 40 minutes. Uh, and so let's cover the next one: prompt, prompt framework, what makes a basic prompt, good basic prompt. I just want to be sure we're on the same page, so let me go this through this quickly. So give you the persona: maybe you can ask it to

be a doctor and ask, ask it to explain to you this medication. Be specific with your request. Provide context about why you're asking the question. Provide specific constraints, like how long is the output. Make it conversational, like talking to a friend. And have a clear and achievable goal before you ask a question: do you want a, what kind of format you want, for example. And this zero-shot prompt is a basic prompt, basically, because zero-shot prompt is zero example: you don't give AI an example to help you answer the question; you are relying on the training of the AI to give you the example, or to give you the answer. So here we don't have a example. Next

slide, we're going to show a one-shot prompt, or one-example prompt. Actually, we skip that for now. Okay, prompting framework: there are a lot of them. This is one example, clear. So these are the, if you follow this one, your prompt should have all these ingredients. Next one, you can just Google and see what they are, if they are more or less the same ingredients. It is not your fault that you cannot get the perfect prompt with AI, ChatGPT. Why? Because it's very sensitive to the wording. It's not what you say, is how you ask, how you say it. So changing your phrase instruction can significantly improve performance. The most effective changes are in these

two features: morphology, look at the changes, just by changing from anal-, analyze to analyzing or analysis could affect your output; and also lexicon. And here, if you add extra spaces, capitalization, using delimiters, I will explain what the delimiter is later. It's, for now just know that basically it's a boundary that you set between your question and your data, is something that make it clear to the AI which one, which part is your question and which part is your data. So there are a lot of assumptions that have been challenged, according to some academic papers, assumptions that we have about AI. Lower perplexity is no guarantee that you'll get better output. Perplexity is a measure of the AI model in, is predicting,

in predicting a sample of text, in, in coming up with an output. In theory, the lower the perplexity, the better the output, but that's not always guaranteed. So this is one assumption we had about AI that, uh, that's being challenged. Okay, using simple words is no guarantee that you get a better output. Sometimes if you use the rare words that, that is in the training or of the AI, you get better outputs. And also the length of your output, of your question, the frequency of your keywords, how clear your instruction is, is no guarantee you'll get better output. Limitations and constraint: there are more of them here. So last year I ran this, early last year when ChatGPT just

came out, and this proved that ChatGPT is not particularly good at logical thinking or mathematics. I think it's still the same case, I haven't tried, but this is one fundamental weakness about AI, ChatGPT. Something to keep in mind when you do your prompting: if you put your keywords in at the beginning or at the end, it's better than putting it in the middle, because the ChatGPT might skip it. And we came across this earlier: adding extra spaces, limit, uh, capitalization, using delimiters. And this is the most important thing you want to remember: when you ask a generic question, ChatGPT has a lot of options to choose from about how to answer your

question, in his, from his training. So if you ask a generic, a general question, ChatGPT has so many different options, it's going to give you general answer. So you want to focus ChatGPT on a specific domain that you interested in. So if you are cyber security expert, you want, want to ask about incident response, then say "you are an incident response expert", give it a persona. Then you will focus on that particular domain in this training, and then you will come back, it, it will most likely come back with a, a better output, better quality output. So basically right now ChatGPT is a black box. I mean, there are things we know about ChatGPT and how they trans-,

transform input, the, from in their, the data, their training data, into an output. There, there are things we know about, but there are still a lot of things we don't know about. That's why, if you, you should, you should understand what this one means. Some people have say ChatGPT is a troll, and I can agree with that. So now we're going to cover: is it your fault that you cannot come near a, come up with a near-perfect prompt? By the way, if you, if you think you're missing out downstairs, their talk is on YouTube; one of the speaker gave the same talk last, a few months ago in Las Vegas. Uh, if, is it your fault that you

cannot get to per-, near-perfect prompt? I have a few theories why some people have, uh, are struggling with prompt engineering. Theory number one, remember we came across this earlier: ask better questions. The way we ask questions in life is very similar to the skills we use in prompt engineering, and this is pointed out by this paper. I don't know whether it's peer reviewed, but it sounds right up my alley: the art of creative inquiry. The conclusion: the skill you use in asking better question every day is the same skills you use in prompt engineering. Now, and another, another theory I have about why people struggle with, some people struggle with prompt engineering is if you don't like writing. If you dislike

writing, you're going to have problem, I think, because you interacting with ChatGPT right now requires a lot of back and forth. So there are some examples I want to go through. Let me see where we are right now. Oh, 9:14, w-, wow, good. Okay, zero shot, we came across this earlier: zero example. Zero shot means zero example; that means you are purely relying on the training of, the training data of the AI to give you the output. Hopefully they will give you the one that, the output that you want. The next shot is going to show you the one, one-example prompt. So on the left side, the example we're talking about is a, the

answer is 11. So on the left side here, it's actually called one shot, one-shot prompting, and because it has one example. So here you ask a question and then you give an example of how you, how AI should arrive at the answer, and then you ask a different question. Hopefully AI is smart enough to follow your first example and come up with an answer, but unfortunately in this case it does, it doesn't work. So some people came up with the Chain of Thought prompting. So in this example you actually show AI how you step by step come to your conclusion, and then hopefully AI smart enough to follow your step by step and come up with a answer,

and in this case it works. We are entering advanced prompt engineering area now. So the different, as I mentioned earlier, a difference between a basic prompt and an advanced prompt is an academic paper, because every single advanced prompt I have come across so far started with a acade-, academic paper. I'll talk about magic words later. This is another advanced prompt I'm, I'm very happy that I discover. Let me show you why. This is a basic prompt: you ask ChatGPT to come up with a Python code based on his training data. And the next line is the magic words in this particular strategy: you ask AI to review their answer and come up with another answer, find

problems, and then you ask AI again. So this is from the paper. They started, they come, they came out with this RCI thing. Here's the paper. Oh, by the way, uh, at the end I will give you a link to Google Docs and you can find all the references in Google Docs, uh, and you can find all this pictures in, in the reference, in the, in the academic papers. So here we have, uh, one question asked, and then we, down here, we have four different advanced prompt engineering, well, three advanced prompt engineering technique and one standard basic prompt. So this question: Val earns $5,000 a month. So all these four prompting techniques trying to come up

with the answer, and they are over here on the left side, they all wrong. And RCI, which we came across earlier, just by asking this second line, which is, I highlighted here, it give you a better output down here. So this is one of my favorite prompt, prompting technique. And also this is another one of my favorite. Okay, here it's a bit overwhelming. Okay, here you have two parts: initial problem, your initial problem, and then you have instruction. In the instruction you have two p-, two steps. Or in the instruction, first one, first part, you are asking AI to come, ChatGPT to give you five examples. In the example, AI, ChatGPT will give you the question and the answer of

each example, and then the next step, ChatGPT was, by looking at these five examples it came up with, it going to try to solve your initial problem, which is this one here. I'm going to show you what the output looks like, so you have, you have a better idea. So here, here, here ChatGPT came out with five example. I only have two up here because too long. So in the, in each example there's, there's question and there's answer, question and then there's answer. ChatGPT tried to find in his training similar, relevant, an-, analogous problems that you have, compared to, uh, anal-, analogies to your initial problem, and down here ChatGPT will try to solve

your initial problem based on its five example up there. It's very useful. Oh, I'm used, by the way, I'm using this to write a, a movie script, so next time you see me I'll be on, I'll be accepting my Oscar. Make sure you tuning in. Okay, another advanced prompt engineering techniques, very simple one: can ask AI to relax, just relax. Supposedly it will improve, improve the output. By the way, ChatGPT, they don't have feelings, they are not humans. Some people think they do, but they are not humans; they are just predicting the words that they, that they should use to, to reply to your request. Okay, favorite compon-, components of magic words. We came across magic, an

example of magic words earlier. So these are some of the magic words I like to use. Each one of them, each one of them has a academic, academic paper behind them. So this is a personality you are giving AI, ChatGPT. And then you have this one, I usually ask at the end of the, of my prompt. This is another one I use. Uh, the delimiter we talked about earlier: boundaries that we set to distinguish your question from your data. So I use this one usually as a, my delimiter to separate my question from my data. This is the one we came out, came through, came, came from, uh, we look at in RCI earlier. And this one I also use a lot,

because I usually find very good improvements. And this one, this is another theory I have about why some people have problems with learning prompt engineering: if you are not used to challenging authority, and if you look at ChatGPT as a authority on everything, you're going to feel not very comfortable challenging authority. So if you are, for example, born and bred in a country like communist China, where the, the authority is always correct, then you're going to have, I think you will have a lot of problems getting the hang of GPT. And there are dozen or hundreds of different prompting techniques. In this paper they came up, they distilled to 15 that they say are relevant

for programmers, but I think they are also very useful for other domains, not just programming, because all this you can see in other domain as well. So if you want to start with 15 techniques, start with this 15. Okay, so now we going to ask one example, one, one question of ChatGPT, and then we see how diff-, some different advanced prompting techniques will give you, we'll phrase, we'll, we'll phrase the question. So here we're going to ask ChatGPT to generate some Python code. So here on the left side you have some BS, one, two, three, four, but eight, eight different prompting, advanced prompting techniques. Over here are the examples. We're going to focus on these two in the

middle: zero-shot Chain of Thought and RCI, which we talked about earlier. So the same question, as you can see, is phrased differently depending on the technique that you use. So with zero-shot Chain of Thought, the magic words is "let's think step by step". So just by asking a simple question, "let's think step by step", you're going to get, supposedly get a better output. And then here, we talk about this earlier, so I'm going to skip it. But do you have question about this slide? By the way, I know it's a bit overwhelming. You can find in this paper if you need proof. When you are tired of watching TV, yes, let me introduce you some, some

weekend, weekend reading. So different domain, different papers. I got to make sure I'm same distance. Yeah, in this paper, is in the, in the references list I'm going to give you at the end of this talk. Sorry, you want to take a picture? Ready? Let me know later on if you want to take picture of any slide, I'm happy to go back. Here has another one; it's going to keep you out of trouble for a while. Yeah, and this one as well. This is a very good paper. You want to start with the paper, start with this one, my one of my favorite papers. A bunch of people, like at least 12, 12 authors in that

paper. Thought process of a prompt engineer. If you want something even a bit more advanced, yeah, this one here you will give you the, the, an example. This, this is from the same paper I talked about earlier, one of my favorite papers, is in the appendix section. So one book to read. Okay, because I wasn't planning on having so much free time right now after, after all the slides, so I, I, I, I didn't, I want to introduce you this book for cyber security professionals. This book is written about ChatGPT prompting for cyber security professionals. I could have copy and pasted all the prompts, but I think it's better for you to read. This

is the

book. It covers a lot of domains. It's in the reference list here, I will show you, I'll give you later. So here, here are the chapters,

and this is an example prompt from the book. So here he's using a personality, "you are professional cyber threat analyst", and this is a very long prompt here. The second book to read: it's written by a very handsome man. I have bad news and good news for you. The bad news is I'm quite happy with the content, it's version 1.1. The bad news is the formatting is really sucks, so if you want to read, better use a computer rather than a, a handphone. And the good news is today, Saturday, 7 P.M. onwards, you have 24 hours to download for free from Amazon. Yes, if you have bad things to say about this book, email me; if you have, if

you have good things to say about this book, give me a five star. I need to impress. Okay, summary. We came across this earlier. So as, as mentioned earlier, AI is not an option, if you, well, it's the future, you don't have a choice. The usefulness is limited to your imagination. Remember this one. And do not ignore Google. And the de-, and of course the difference between a basic prompt and an advanced prompt is always an academic paper. So if you want to, uh, to be better at prompting, read an academic paper. Let's see here. Thank you. Oh, here's the

references. Any questions?

Hi, uh, thanks for the talk. Uh, it seems like a lot of the prompt engineering techniques rely, or, or at least that I saw, rely on, uh, you knowing the correct answer, you know what I mean? Like if you're refining the answer and you're asking it to check what's wrong, say you're generating secure Python code, how do, how do you know, if you yourself don't know whether it's secure, when to stop asking it to find problems? And how do you know it's not hallucinating problems in its previous answer and actually giving you less secure code? Yeah, it's a good question. That's why I use more than one AI chatbot to cross-check each other. Even then it's no

guarantee they, they know what they're talking about, so it's always have good to have a human friend at hand who can guide you along the way as well. I don't know if that answer your question, but you can never trust AI. Maybe you should just ask your human friend to help you from the start. The problem is your human friend may not be so, so free to entertain your question, so maybe you want to get the basic out of the way, then, if, maybe you, it will help you come up with a better question, then you're happy, so that your human friend will be happy to answer any question. I can't, I can't, I can't, I can't

believe every, oh, but, uh, before, before you, before I answer a question, I want to thank the organizers for allowing me to be one of the speakers today. I'm very deeply honored to be one of your speakers today, is to be able to speak to at least 100, I hope a 100 people, prof-, highly qualified professionals, is one, is, was on my bucket list, so that one is T, so, and they, I believe they put up together a very excellent event today, and so I'm very, very gr-, grateful to be part of this. Yes, sir? Yeah, thanks for the talk, man, it was really good. I love your accent, man. Oh, cheers, buddy. Um, so look, just for context, this is

actually my first BSides event, so like I'm, I'm, I'm new to a lot of this stuff. Um, but I myself have been using ChatGPT in like so many areas of my life, it's kind of caught me off guard how often I use it these days. Um, but look, I've worked help desk for about seven or eight years now, I'm currently been trained as a sysadmin. Um, ChatGPT, in, in, in my experience in the IT side of things at the moment, is still like, it's a bit of a Pandora's box in a lot of ways, and I think, look, you probably understand that better than anyone. Um, I suppose my question is for

you: how far off do you think we are to adopting ChatGPT and AI at large into just the IT space as like a mandatory option? Very good question. That question is better answered by the one, the two ladies downstairs, because they're talking about hacking AI right now. Uh, but from what I understand there's a lot of problem with LLM, large language model, so a lot of problems you can see on, on the news about company having problems in, in, in, in installing, making use of AI. To be honest with you, I'm not that qualified to tell you when we will see that happening, hopefully within my lifetime, but I'm happy to pass on your

question to the two lovely ladies downstairs. Yeah, that'll be good, man, cheers.

Thanks for that. Um, do you have a view on which of those prompting techniques you think gives the best productivity

gains? It really depends on the context, I think. That's why you want to read as many papers as possible to, to familiarize yourself. Oh yes, of course, read my book, because my book actually is a collection of many different examples from different sources. Some of them you have to pay, so you save you some money by going to my book. And actually I categorize the prompts according to functions, like extracting words or summarizing or problem solving, stuff like that, you know of. So really, basically you want, it really depends on context, and so you try different techniques, and the ones that I, the, the favorite ones that I show on the slide are the ones I use most often. Yeah,

I guess they are my favorites and they the one that work for my context. Yeah, I hope I answer your question.

What AI or ChatGPT would you recommend for running on-prem, like off the internet? I hope somebody here knows this more than me, because to be honest with you I haven't tried any one of them. This is on my, on my bucket list. Uh,

I don't want to

invest, but some of the papers, they actually talk about the, the, the machines that they use, so maybe from there you can get some inspirations. Also, of course, remember this website. Go back. Why is this not working? Stuck. Okay,

the, remember, remember this one. Yeah, you can test the same question on different seven models, according to the website, and see which one is better. Uh, just to answer the previous question, if you're interested in running like a model, like an AI locally, like ChatGPT, um, you can look up Ollama, or you can look up, uh, Hugging Face, um, which is like GitHub for AI models. Um, and then there's a program called LM Studio, which lets you test them and, and have a look. But Ollama or Hugging Face, um, on Google, and that'll give you the answers. Oh, this one.

Yes, good day, thanks for the talk. Uh, just a question. Um, is there an inherent bias against AI, especially for cyber security, that we expect AI to be right all the time, and we sort of say that it's bad if it's not and it shouldn't be trusted, but in reality most cyber people aren't right most of the time, in, in, in all things. So we have a higher expectation for AI to be, write secure code, yet in reality very few people write secure code. Uh, but we, is, is, is there any inherent b-? I think we do. I mean, we expect too much from AI. There's a lot of hype about AI; maybe that's one of the problems. Yeah,

so we have to be realistic. So the more you play with AI, the more you find that it's not so intelligent. I mean, ChatGPT,

What's your thought with ChatGPT but o1, the new one that is thinking? Because also with the, I tried like a basic prompt and the reply was very good, because he's thinking, instead of let me doing like a, a better prompt. You're talking about, no, no, not the paid one. I, I guess because I'm paying, probably I have access, is the o1. Basically when, when I ask, when I do a prompt, it takes maybe 10, 15, 40 seconds to reply, so he got all the steps, you can see all the steps, and the reply is incredible comparing with the 4o. What's your thought about that? Compared to the older version? Yeah. So you're happy with

the new free version? No, I'm using o1. You're using the o1? o1, it's a free one, right? Er, I don't think so. You're, you're paying for an old one? Yeah, I guess, because it's a preview. But, uh, AI is thinking. Once you ask a prompt, when you digit a prompt, then doesn't reply straight away. Wait, wait, you can see what, what he, AI is doing, and then you're going to give you, you a, a very detailed reply. Okay, are we talking about ChatGPT, the brand? Yeah, ChatGPT, OpenAI ChatGPT. Oh, OpenAI. Yeah, I have in the phone. The browser one or the, the in the app? In the phone, in the browser. Yeah, the one in the browser,

not the one that you run through the API? No, no, no, in the browser. Okay, so you're saying you using, you're paying for ChatGPT and you're happy with the answer? Hey, it's just $20, is not, uh. Oh, okay. So, but the new one is thinking, thinking, so with a basic prompt, yeah, basic, I mean, yeah, you have a very good reply anyway. Yes, correct. So you're saying why should I bother learning? No, no, no, no, no, what, what, what's your thought, because AI is going quick. Yes, yes. I mean, we have a lot of paper, but if it's from, let's, for me, my opinion, like from 2023, for me sounds very old. Yeah. Am I

wrong? Here's my thought: because prompt engineering, as I mentioned earlier, help you develop your questioning skill. So in real life, when you don't have ChatGPT next to you, you have to learn to ask better question. Tra-, using ChatGPT is a very good way to train yourself to make you smart, look smarter in the conference table, around the conference table. So that's why, whether we have, whether, no matter how good ChatGPT gets to become in answering your question, I believe the training that you get in learning how to ask better questions help you in real life when you don't have internet connection. I don't know, I hope, I hope they answer your question.

Yeah, can try Forex I from Google, and, um, they have the option that you can change the parameter to, uh, turning your model. So I, I tried that one already, and, um, yes, it's thinking, so it's not just reflect, um, immediately, and, uh, take more two or three second or sometime 10 second, based on your complexity of your questions. Yeah.

I think, um, when people talk about the AI thinking, I think it, what OpenAI are doing is basically just automating the recursive process, so it's starting with an input and an output and then feeding it back into itself, looping it a few times. And so that's where I think, like, prompt engineering is a skill, it's something that the product people, OpenAI and Google, they don't want end users to be good prompt engineers, they want it to automatically work, and so they're building this research into the layers where it just does it automatically for you. Thank you. Any more question? I hope I, I, I haven't wasted your time. 40. Okay, thanks for coming.