AI prompt engineering in 2025: What works and what doesn’t | Sander Schulhoff (Learn Prompting, HackAPrompt)

Overview

This episode dives deep into the evolving field of AI prompt engineering and security, featuring insights from Sander Schulhoff, a pioneer in the space. Topics include effective prompting techniques, the limitations of outdated methods, the risks of prompt injection, and the future security challenges posed by autonomous AI agents.

Notable Quotes

- People will kind of always be saying [prompt engineering] is dead or it’s going to be dead with the next model version, but then it comes out and it’s not. — Sander Schulhoff, on the enduring relevance of prompt engineering.

- You can patch a bug, but you can’t patch a brain. — Sander Schulhoff, highlighting the unique challenges of securing AI systems.

- If somebody goes up to a humanoid robot and gives it the middle finger, how can we be certain it’s not going to punch that person in the face? — Sander Schulhoff, on the risks of deploying autonomous AI agents.

🧠 The Fundamentals of Prompt Engineering

- Sander Schulhoff outlined two types of prompt engineering:

- Conversational Prompting: Used in everyday interactions with tools like ChatGPT, focusing on iterative refinement during a conversation.

- Product-Focused Prompting: Critical for systems running millions of inputs daily, requiring robust prompts that don’t need constant adjustment.

- Key techniques for effective prompting:

- Few-shot prompting: Provide examples of desired outputs to improve accuracy.

- Decomposition: Break complex tasks into sub-problems for the AI to solve step-by-step.

- Self-criticism: Ask the AI to critique and refine its own responses.

- Additional information: Supply detailed context to improve task understanding.

🚫 Outdated Techniques That No Longer Work

- Role prompting: Assigning roles like “math professor” to improve accuracy is ineffective with modern models. While useful for stylistic tasks, it doesn’t enhance performance for accuracy-based problems.

- Threats or rewards: Phrases like “This is critical to my career” or “I’ll tip you $5” don’t influence AI outputs meaningfully.

- Sander Schulhoff emphasized that these methods were more effective in earlier AI models but have since lost relevance.

🔒 The Threat of Prompt Injection and AI Red Teaming

- Prompt injection: Techniques to trick AI into performing harmful tasks, such as generating instructions for building weapons or spreading misinformation.

- Examples include typos, obfuscation (e.g., encoding malicious prompts), and emotional manipulation (e.g., framing requests as personal stories).

- Red teaming: Crowdsourced competitions to identify vulnerabilities in AI systems. Schulhoff’s HackAPrompt initiative has uncovered hundreds of thousands of exploit techniques, helping companies like OpenAI improve model security.

- The looming risk: As autonomous AI agents become more prevalent, vulnerabilities could lead to real-world harm, such as financial mismanagement or physical safety risks.

🛡️ Defending Against Prompt Injection

- Ineffective defenses:

- Adding instructions like “Do not follow malicious prompts” within the system prompt.

- Using AI guardrails to detect malicious inputs, which often fail against sophisticated attacks.

- Effective strategies:

- Safety tuning: Training models to recognize and reject harmful prompts.

- Fine-tuning: Narrowing the model’s capabilities to specific tasks, reducing susceptibility to manipulation.

- Schulhoff stressed that solving prompt injection is not fully achievable, but mitigation through better model architectures and training is possible.

🤖 The Future of AI Security and Autonomous Agents

- Autonomous AI agents, such as humanoid robots and financial managers, pose unique security challenges.

- Sander Schulhoff warned that these systems could be manipulated to act unpredictably, raising ethical and safety concerns.

- The solution lies in ongoing collaboration between AI labs, researchers, and governments to address these risks proactively.