On Prompt Engineering Being a Real Skill
Professor’s Lament
I’m writing this to explain prompt engineering, but that’s too vague. What I’m specifically responding to is a former college professor after he wrote earlier this month:
Wait, so 'learning to write sophisticated prompts' is now a class, and the title of the course >is 'Prompt Engineering'? Is it too late to stop this?
So Prof. X (you know who you are) I’m going to try to convince you—and any other skeptics reading—that prompt engineering is a real skill with meaningful implications for AI. There are three things I want to address:
- I get why you’d roll your eyes at it.
- There may be things you like about prompt engineering.
- Failure to understand prompt engineering and prompt injection risks creates real-world security risks.
The Reaction Against Slop
There is already too much AI slop. Facebook is particularly full of slop images that get thousands or millions of likes from people who seemingly don’t realize they are interacting with AI-generated content. But the problem is in every corner of the internet. You can even find examples out in the real world if you look careful, especially in ads and posters. So when you hear “prompt engineering” but mentally translate it to “slopmonger,” I get why you have such a strong negative reaction.
I’m against slop. I hate slop. I do not want my kids to grow up in a word overrun by slop. You can look up John Oliver’s recent rant against slop, but I personally prefer Simon Willison’s 2024 statement here:
I’m a big proponent of LLMs as tools for personal productivity, and as software platforms for building interesting applications that can interact with human language.
But I’m increasingly of the opinion that sharing unreviewed content that has been artificially generated with other people is rude.
Slop is the ideal name for this anti-pattern. […] One of the things I love about this is that it’s helpful for defining my own position on AI ethics. I’m happy to use LLMs for all sorts of purposes, but I’m not going to use them to produce slop. I attach my name and stake my credibility on the things that I publish.
Midwest Frontier AI Consulting LLC does not publish AI-generated written content. Midwest Frontier AI Consulting LLC does not use other AI-generated content (e.g., code or images) that have not been reviewed.
Hacking with Poetry and Foreign Prose
Back in 2023, a Swiss AI security firm called Lakera released a game called Gandalf AI involved seven levels of increasing difficulty trying to get a large language model (LLM) chatbot “Gandalf” to tell you a secret password. As the levels got more difficult, prompts required more ingenuity. Successful strategies included convincing the LLM that it was telling a fictional story or saying that the password was needed for some emergency.
For the hardest levels, the most successful prompts asked the LLM to write poetry or translations into a foreign language. In doing so, the LLM leaked information about the password that evaded scrutiny. Surely a champion of the humanities like yourself can appreciate the irony that poetry and foreign language education can now be considered essential ingredients in a computer-related industry.