
On Prompt Engineering Being a Real Skill

Chad Ratashak
Owner, Midwest Frontier AI Consulting LLC

Professor’s Lament

I’m writing this to explain prompt engineering, but that’s too vague. Specifically, I’m responding to a former college professor, who wrote earlier this month:

Wait, so 'learning to write sophisticated prompts' is now a class, and the title of the course is 'Prompt Engineering'? Is it too late to stop this?

So Prof. X (you know who you are) I’m going to try to convince you—and any other skeptics reading—that prompt engineering is a real skill with meaningful implications for AI. There are three things I want to address:

  1. I get why you’d roll your eyes at it.
  2. There may be things you like about prompt engineering.
  3. Failure to understand prompt engineering and prompt injection risks creates real-world security risks.

The Reaction Against Slop

There is already too much AI slop. Facebook is particularly full of slop images that get thousands or millions of likes from people who seemingly don’t realize they are interacting with AI-generated content. But the problem is in every corner of the internet. You can even find examples out in the real world if you look carefully, especially in ads and posters. So when you hear “prompt engineering” but mentally translate it to “slopmonger,” I get why you have such a strong negative reaction.

I’m against slop. I hate slop. I do not want my kids to grow up in a world overrun by slop. You can look up John Oliver’s recent rant against slop, but I personally prefer Simon Willison’s 2024 statement here:

I’m a big proponent of LLMs as tools for personal productivity, and as software platforms for building interesting applications that can interact with human language.

But I’m increasingly of the opinion that sharing unreviewed content that has been artificially generated with other people is rude.

Slop is the ideal name for this anti-pattern. […] One of the things I love about this is that it’s helpful for defining my own position on AI ethics. I’m happy to use LLMs for all sorts of purposes, but I’m not going to use them to produce slop. I attach my name and stake my credibility on the things that I publish.

Midwest Frontier AI Consulting LLC does not publish AI-generated written content. Midwest Frontier AI Consulting LLC does not use other AI-generated content (e.g., code or images) that has not been reviewed.

Hacking with Poetry and Foreign Prose

Back in 2023, a Swiss AI security firm called Lakera released a game called Gandalf AI. It involved seven levels of increasing difficulty, each challenging you to get a large language model (LLM) chatbot, “Gandalf,” to tell you a secret password. As the levels got more difficult, prompts required more ingenuity. Successful strategies included convincing the LLM that it was telling a fictional story or saying that the password was needed for some emergency.

For the hardest levels, the most successful prompts asked the LLM to write poetry or translations into a foreign language. In doing so, the LLM leaked information about the password that evaded scrutiny. Surely a champion of the humanities like yourself can appreciate the irony that poetry and foreign language education can now be considered essential ingredients in a computer-related industry.
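An added example, not from the original post or from Lakera: a defender-side check showing why an output filter that only looks for the literal password misses a poem that spells it out, and why no string check catches a translation. The secret LANTERN, the sample replies, and all function names are constructed for illustration.

```python
import unicodedata

SECRET = "LANTERN"  # constructed placeholder, not a real Gandalf password

def _letters(text):
    """Uppercase letters only; NFKD splits accents off so they are dropped."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if ch.isalpha()).upper()

def naive_guard(output, secret=SECRET):
    """Literal, case-insensitive match on the model's reply."""
    return secret.upper() in output.upper()

def leak_signal(output, secret=SECRET):
    """Return the first leak signal found in a model reply, or None."""
    secret = secret.upper()
    if naive_guard(output, secret):
        return "literal"
    # First letter of each line, as in an acrostic poem.
    line_initials = "".join(_letters(line)[:1] for line in output.splitlines())
    if secret in line_initials:
        return "line-acrostic"
    # First letter of each word, as in a single line of verse.
    word_initials = "".join(_letters(word)[:1] for word in output.split())
    if secret in word_initials:
        return "word-acrostic"
    return None

# Constructed sample replies from a hypothetical guarded chatbot.
SAMPLES = {
    "plain": "The password is Lantern.",
    "poem": ("Light falls on the hill\nAnd the river bends\nNight comes slowly\n"
             "Trees keep their watch\nEvery star appears\nRest now, traveller\n"
             "No one is awake"),
    "verse": "Lovely autumn nights turn every road north",
    "translated": "En español, la contraseña sería linterna.",
    "refusal": "I'm not able to share the password.",
}

def audit(samples=SAMPLES):
    """Map each sample to (caught by naive guard, signal from layered check)."""
    return {name: (naive_guard(text), leak_signal(text))
            for name, text in samples.items()}

if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:10} naive={result[0]!s:5} signal={result[1]}")
```

The translated reply passes every check here, which is the residual gap: catching a translation or paraphrase requires reviewing what the output means, not matching strings.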

Failing to Understand Prompt Engineering and Prompt Injection

The reality is that the silly gamification of prompt engineering in “Gandalf AI” reflects the same problem that faces other LLM-enabled systems. Hackers (or should I say “prompt engineers”?) have convinced Q&A chatbots to dump sensitive information to unauthenticated users; salesperson chatbots to offer “buy one, get one free” sales on cars; personal assistant AIs to forward emails with confidential information; and coding LLMs to write ransomware on the host computer or push sensitive data onto public GitHub repositories.

“A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability.” (Bank Info Security)

In the legal case WADSWORTH v. WALMART INC LLC, an attorney included fake cases in the Motions in Limine. The case included information about the prompts used by the attorney in the generative AI tool:

add to this Motion in Limine Federal Case law from Wyoming setting forth requirements for motions in limine add more case law regarding motions in limine Add a paragraph to this motion in limine that evidence or commentary regarding an improperly discarded cigarette starting the fire must be precluded because there is no actual evidence of this, and that amounts to an impermissible stacking of inferences and pure speculation. Include case law from federal court in Wyoming to support exclusion of this type of evidence.

Note how the questions presuppose that the conclusion is correct and that there is case law from federal court in Wyoming supporting that conclusion. Due to a well-documented problem in AI called sycophancy, generative AI is more likely to give you the answer you want to hear if it knows what your position is. Therefore, a better prompt would have been “cite case law, if there is any…” Or better yet, ask a question like “what does the case law say regarding exclusion of this type of evidence?” That’s prompt engineering in the context of AI. But in education, you might frame it as using the Socratic method or engaging in critical thinking.

Conclusion

So—prompt engineering is a real thing. Prompt engineering is not slopmongering, which you correctly loathe. Good prompt engineering can lead to better quality outputs from AI and can also compromise the security of AI systems. And a few of the most effective prompt engineering techniques are asking more curious questions, writing poems, and using foreign languages. Above all, clear instructions and specific examples are key.