Yet, you add another attack vector, something that is very willing to do stuff, as long as you prompt it right…

As Simon Wilison clearly laid out, 99% secure isn’t secure and you think you can fix it by adding mor/better prompts?

Which methods do you have planned outside of “better prompting/fine tuning”?