Open Bobsimonoff opened 11 months ago
Hey @Bobsimonoff can you highlight the specific area you are referring to please, or a screenshot? TYIA
These summaries only exist together in a single file. The individual risk documents do not contain the summaries.
Understood, thanks. Adding @rossja but IMO the idea is to keep the vulnerabilities concise and duplicating data or adding too much additional context can cause confusion, lack of focus and ultimately not deliver our intention.
Here is my thinking when you say, "the idea is to keep the vulnerabilities concise and duplicating data or adding too much additional context can cause confusion" -- I agree. adding a 1 sentence summary is not additional context and the risks should be concise. However, when we have risks that look like this:
or this
I think an additional sentence at the top that says summary like the following greatly helps the reader:
Manipulating LLMs via crafted inputs can lead to unauthorized access, data breaches, and compromised decision-making.
Tampered training data can impair LLM models leading to responses that may compromise security, accuracy, or ethical behavior.
We do you have some very short risk descriptions and some long ones. Here are the word counts for the description sections of each LLM risk:
The longest summary we have is 20 words.
Up to everyone else, it is just a thought to make things easier for maintenance and the reader.
i agree that putting the summary into the entries is likely a good idea, i already had that on my own list of questions to raise for v2, so this issue is perfect timing.
Currently the summary of each risk is in a single file that is separate from the actual risk details. This causes a disconnect when the risk is updated. Above description in the template for each risk I would like to see the summary section. Then at production time all the summary sections can be grabbed and put into a single file for PDF generation.