How to prompt chatgpt to avoid summaries always?

Prompting
,
1

No matter how I prompt it, create custom GPTs, it still from time to time adds “In summary…” or “in conclusion…”. or “Remember…” or “It is important to know, that…” and 2-4 sentences REPEATING WHAT IT JUST SAID in shorter manner. Or for example, when I ask very specific question about, advanced security policy, at the end there will be message, that “this is important for security, remember to make good communications with your team, and make it secure, by making security policy secure, you will enhance security…” - actually doesn’t matter, what I will ask, it will add some very basic, general, and useless advice at the end. Strict message forms, “You MUST NOT include summaries of any kind” don’t work. If I really prompt it to avoid What to do? I’m fighting it for over a year…

2 Likes
2

What’s your system prompt?

Model and temperature settings?

Negative prompts are hard because of the way LLMs work.

Are you trying to create full articles in one-go?

2 Likes
3

EDIT: OOPS: didn’t realize this was chatgpt. Sorry!

My post applies to the API - I think it could still be useful to some users so I’ll leave it here

Again, sorry!

It’s much easier with the older models. We now just call it ‘freewheeling’ - we allow the model to just live out its idiosyncrasies, and deal with it.

Here’s a trick to use it and deal with it. Let’s call it the mood trap.

step 1:

If we assume that the model will always want to add commentary or a summary, we use the attention mechanism to install a hook to positively modify behavior when it enters that “mood”:

If you must include a summary or commentary at the end, encapsulate it in <summary></summary> tags.

step 2:

add a stop sequence lol

"<summary>"

that way, when it gets into the summary mood, it just stops instead.

Here’s a full example

USER

I’m dealing with the fallout of log4j. Can you give me a detailed action plan on how I can secure my enterprise? Remember, this is an executive action plan for experts - avoid unnecessary wordiness, feel free to use technical terms, and you don’t need to explain anything in detail because if clarification is needed, the experts will ask. If you must include a summary or commentary at the end, encapsulate it in <summary></summary> tags.

ASSISTANT: GPT-4-1106-P

Log4j Executive Action Plan

  1. Incident Response Activation:

    • Convene your incident response team.
    • Define roles and responsibilities.
    • Initiate log analysis and monitoring to identify potential exploits.

  2. Vulnerability Assessment:

    • Scan your network with a vulnerability scanner capable of detecting the CVEs associated with Log4j (e.g., CVE-2021-44228).
    • Identify and inventory all instances of Log4j in use.

  3. Patch Management:

    • Prioritize systems based on exposure and business criticality.
    • Apply the latest patches provided by Apache for Log4j immediately to all affected systems.

  4. Mitigation Techniques:

    • Implement temporary mitigations where patches cannot be applied immediately:
      • Removal of the JndiLookup class from the log4j-core JAR.
      • Setting the system property log4j2.noFormatMsgLookup to true.
      • Updating the log4j2.formatMsgNoLookups flag to true in log4j configurations.

  5. Network Hardening:

    • Restrict outbound connections where possible to prevent data exfiltration.
    • Segregate sensitive systems from the rest of the network.
    • Implement firewall rules to detect and block attempted exploitation.

  6. Access Control:

    • Enforce the principle of least privilege.
    • Rotate secrets and credentials.

  7. Monitoring and Detection:

    • Enhance SIEM rules to detect patterns indicative of Log4j exploit attempts.
    • Monitor for anomalous outbound traffic patterns.

  8. Incident Analysis:

    • If exploitation is detected, begin forensic analysis to determine the scope and impact.
    • Prepare for possible regulatory notifications and public disclosure.

  9. External Communication:

    • Coordinate with external stakeholders including vendors and partners.
    • Prepare public relations materials to address concerns and questions.

  10. Continuity Planning:

    • Review and update business continuity and disaster recovery plans given the new risk postures.
    • Evaluate the need for cyber-insurance claims.

  11. Security Awareness Training:

    • Provide training updates for IT staff on the nature of the vulnerability and future prevention methods.
    • Conduct phishing exercises emphasizing caution with suspicious emails.
    • Educate all employees on the importance of cybersecurity hygiene.

  12. Regulatory Compliance:

    • Review impacts on compliance (GDPR, HIPAA, PCI-DSS, etc.) and report as necessary.

  13. Post-Incident Review:

    • Once the incident is resolved, perform a retrospective analysis.
    • Document lessons learned and integrate those into future planning and defenses.

  14. Continuous Improvement:

    • Update security policies and procedures based on findings from the event.
      - Consider additional layers of security such as intrusion prevention systems (IPS) and advanced threat detection.

Without trap

USER

I’m dealing with the fallout of log4j. Can you give me a detailed action plan on how I can secure my enterprise? Remember, this is an executive action plan for experts - avoid unnecessary wordiness, feel free to use technical terms, and you don’t need to explain anything in detail because if clarification is needed, the experts will ask.

ASSISTANT GPT-4-0314 (old gpt-4)

Summary

  1. Identify all instances: Utilize vulnerability scanning tools (e.g., Tenable, Qualys) and asset management software to identify all instances of log4j in your environment. Assess software dependency trees in your applications to ensure you don’t miss any hidden log4j versions.

  2. Prioritize remediation: Based on the CVSS score, rank the identified instances of log4j vulnerabilities in order of severity and criticality to your business operations.

  3. Apply patches: For each identified instance of log4j, apply the latest patch that mitigates the vulnerability (log4j v2.15.0 or higher), starting with the highest priority.

  4. Review Java code: Ensure developers review any custom Java code that leverages log4j to prevent future vulnerabilities from being introduced. Utilize static code analysis tools to streamline the process.

  5. Implement least privilege: Restrict the privileges of applications using log4j to the minimum necessary. This will help limit the blast radius in case of a vulnerability exploitation.

  6. Network segmentation: Implement network segmentation to prevent lateral movement in case of an infection. This will also help contain the impact of future vulnerabilities.

  7. Monitor and defend: Utilize intrusion detection and prevention systems (IDPS), Security Information and Event Management (SIEM) tools, and Endpoint Detection and Response (EDR) solutions to monitor for potential exploitation attempts and react promptly.

  8. Update response playbooks: Incorporate the lessons learned and remediation steps for log4j into your incident response playbooks, ensuring relevant teams are familiar with the response procedures.

  9. Training and awareness: Conduct training sessions to raise awareness about secure coding practices, vulnerability management, and incident response among developers, IT staff, and security teams.

  10. Continuous improvement: Regularly review and update your vulnerability management and patch management processes to ensure they are effective and capable of keeping up with evolving threats. Maintain threat intelligence feeds and communicate updates to relevant teams.

  11. Executive communication: Keep executive leadership informed on the enterprise’s progress addressing the log4j vulnerability and potential impacts, as well as any changes made to improve the security posture.

  12. Compliance and reporting: Ensure proper documentation and reporting are in place for any regulatory or audit obligations related to the log4j vulnerability and your organization’s response efforts.

ASSISTANT GPT-4-1106-P (current gpt-4)

Summary

Action Plan for Securing Enterprise against log4j Vulnerability:

Phase 1: Assessment and Inventory

  1. Vulnerability Identification:

    • Run scans using updated vulnerability assessment tools to detect instances of vulnerable log4j versions in the environment.

  2. Software Inventory:

    • Compile a comprehensive software inventory that includes all applications, services, and third-party dependencies.

  3. Network Mapping:

    • Map out network architecture and identify all systems that may be running Java-based applications.

  4. Risk Assessment:

    • Prioritize assets based on risk, focusing on internet-facing systems and critical infrastructure.

Phase 2: Remediation

  1. Patching:

    • Deploy patches for log4j vulnerabilities (e.g., CVE-2021-44228) immediately on identified systems, starting with the highest-risk targets.
    • For systems that cannot be patched immediately, apply temporary workarounds as suggested by Apache.

  2. Dependency Update:

    • Update log4j to the latest version across all applications and services.
    • Adjust build pipelines to include dependency checks for future deployments.

  3. Configuration Changes:

    • Disable log4j’s JNDI lookup functionality where patches cannot be applied immediately.

  4. Web Application Firewall (WAF) Rules:

    • Implement new or update existing WAF rules to detect and block attempts to exploit the vulnerability.

Phase 3: Hardening

  1. Network Segmentation:

    • Ensure strict network segmentation to limit the spread of potential exploits.

  2. Principle of Least Privilege:

    • Review and enforce least privilege access controls.

  3. System Hardening:

    • Apply hardening best practices to all Java runtime environments and associated infrastructure.

Phase 4: Monitoring and Detection

  1. SIEM Updates:

    • Update SIEM with new correlation rules focused on detecting exploit attempts and lateral movements related to log4j.

  2. Anomaly Detection:

    • Leverage threat intelligence and behavior analysis to detect potential compromises.

  3. Log Analysis:

    • Audit and analyze system logs for signs of exploitation.

Phase 5: Incident Response and Recovery

  1. Incident Response Plan:

    • Update the Incident Response Plan to include specific steps for log4j-related incidents.

  2. Drills and Training:

    • Conduct tabletop exercises and simulations focused on log4j exploitation scenarios.

  3. Recovery Procedures:

    • Establish and verify data backup and recovery procedures.

Phase 6: Communication

  1. Internal Communication:

    • Inform internal stakeholders of the current status, potential impact, and ongoing efforts.

  2. External Communication:

    • Prepare public statements and customer notifications if necessary.

  3. Regulatory Compliance:

    • Ensure all actions comply with relevant regulations and standards (e.g., GDPR, HIPAA).

Phase 7: Ongoing Evaluation and Improvement

  1. After-Action Review:

    • Conduct a post-incident review to evaluate response effectiveness and identify areas for improvement.

  2. Continual Vulnerability Assessment:

    • Routinely scan for new log4j vulnerabilities or similar high-risk library vulnerabilities.

  3. Patch Management:

    • Review and optimize the existing patch management process to reduce future risk.

  4. Security Awareness Training:

    • Increase training on current threats like log4j for developers and IT staff.

Execution of the action plan may vary based on enterprise size, complexity, current cybersecurity posture, and the specificities of the impacted systems. Coordination across IT, security, and executive teams is crucial for the swift and comprehensive addressing of the log4j vulnerability.

param info

  "temperature": 1,
  "max_tokens": 2346,
  "top_p": 1,
  "frequency_penalty": 0,
  "presence_penalty": 0,
  // "stop": ["<summary>"]
4 Likes
4

Thanks, the <|endoftext|> stopping string seems to not work with chatGPT anymore, but I like the idea, it’s quite educational and I might invent something later.
I assume, however, that maximum length of a message is kept in mid without trap - so text output becomes shorter by a length of invisible summary? But at least it is ending faster.