“A Theory of Prompt Injection (and why you should study roles)” by Charles Ye, softboiledheart episode artwork

EPISODE · Jun 22, 2026 · 32 MIN

“A Theory of Prompt Injection (and why you should study roles)” by Charles Ye, softboiledheart

from LessWrong (30+ Karma)

Summary We've been building a theory of how prompt injections work under the hood.We show it comes down to how LLMs perceive roles (the humble chat template tags).We use this theory to create new attacks, explain some weird mech interp results, and predict when attacks work.We also advocate for a new subfield focused on the science of roles, and sketch some unexplored new research problems.Work supported by CBAI and Cosmos. Another version of this post (with more inline colors) is here, and full ICML paper here. 1. The World to an LLM How does an LLM know the difference between its own thoughts and someone else's words? To see why this is hard, let's look at what the world actually looks like to a model. Here's a simple chat where we ask Claude to check the day of the week. I took a snapshot of it midway through its follow-up response: Left = what we see; right = what the LLM gets. On the left is what we see in the chat interface: a structured conversation with distinct turns. On the right is what the model actually receives as input: a single, continuous stream [...] ---Outline:(00:12) Summary(00:54) 1. The World to an LLM(02:35) 2. Roles(05:03) 3. Roles and prompt injection(06:35) Two ways to defend injections(08:14) 4. What's going wrong with roles?(13:28) 5. Spoofing Thoughts(15:59) 6. Prompt Injection as Role Confusion(20:57) 7. Why Roles Matter(21:01) A brief history of roles(22:23) A general theory of roles(24:54) 8. Open Ideas for Roles Research(25:12) Subconscious steering(27:06) When to use roles(28:42) Roles as a cognitive window(30:38) Conclusion The original text contained 27 footnotes which were omitted from this narration. --- First published: June 22nd, 2026 Source: https://www.lesswrong.com/posts/d8xDGzCEYE639qqEv/a-theory-of-prompt-injection-and-why-you-should-study-roles --- Narrated by TYPE III AUDIO. ---Images from the article:Apple Podcasts and Spotify do not show images in the episode description. Try Pocket Casts, or another podcast app.

NOW PLAYING

“A Theory of Prompt Injection (and why you should study roles)” by Charles Ye, softboiledheart

0:00 32:24

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Accidental Accountant Regan Williams Hi, I'm Regan! I'm a CPA of 30+ years helping "accidental accountants" navigate tax & accounting issues with confidence! Here, we find solutions to common challenges bookkeepers, accountants and CPAs face. Don't see an answer to your question? Then ask! I'm here to help people like you. Two Recruiters: Zero Filter Two Recruiters At Two Recruiters: Zero Filter, we're on a mission to demystify the hiring process, share insider tips, and empower you to maneuver through the professional world with confidence. With more than 30 years of combined experience navigating the intricate web of job markets, talent acquisition, and career development, we're here to spill the tea on everything career related. But wait, there’s more! We will dive into many life topics that are interesting to us as well.  Get ready for a rollercoaster of insights, stories, and no-holds-barred advice!Join us for conversations that matter – where work, life, and authenticity collide in the most unexpected and rewarding ways. Capital Ideas Podcast Capital Group Want to learn how professional investors do it? The Capital Ideas podcast brings you the latest investment thinking from Capital Group, one of the world's largest investment management organizations. Each week we'll get inside the minds of portfolio managers, analysts and economists to break down market trends, macroeconomic forces, investing approaches and lessons learned from personal experience. Take 30 minutes and tap into the intellectual capital of Capital Group. Capital Client Group, Inc.All Capital Group trademarks mentioned are owned by The Capital Group Companies, Inc., an affiliated company or fund. All other company and product names mentioned are the property of their respective companies.For full disclosures go to capitalgroup.com/global-disclosures. My Take On It with Your Angelic Karma® Your Angelic Karma Here we take a look at how the United States measures alongside other First World Nations. + taking a deep dive into the science -The Report

Frequently Asked Questions

How long is this episode of LessWrong (30+ Karma)?

This episode is 32 minutes long.

When was this LessWrong (30+ Karma) episode published?

This episode was published on June 22, 2026.

What is this episode about?

Summary We've been building a theory of how prompt injections work under the hood.We show it comes down to how LLMs perceive roles (the humble chat template tags).We use this theory to create new attacks, explain some weird mech interp results, and...

Can I download this LessWrong (30+ Karma) episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!