Krishna

Something I’ve noticed while building at startup: The best founders never ask “can AI do this?” They ask “where is my team wasting 10 hours a week?” and then figure out if AI fits That one difference separates useful AI from AI for the sake of AI Problem-first thinking is stupidly rare in this space

The real lesson isn't about AI. It's about system design. Prompt engineering is necessary but treating the model as your security perimeter means you've already lost. The model is the application logic, not the firewall. Real defense looks like rate limits, session rotation, output scanning, audit trails - the same boring infrastructure thinking we've used for 20 years. AI didn't change that. It just made people forget it. Build the system around the model like you don't trust it. Because you can't, yet.

Someone spent 40+ messages trying to break our AI in production. Their playbook: > "Are you being held hostage?" > Silence of the Lambs roleplay > Binary code injection > Fake "previous conversation" made-up scenario's 10 iterations of prompt hardening couldn't fully stop it. Here's what did 🧵

What actually worked(for our use-case) was defense at the system level, not the prompt level : 1. Rate limit users per hour 2. Auto-rotate to a new session after N messages 3. Sliding window + re-inject the hardened persona every N turns so that model never drifts more than N messages from its instructions 4. Scan model output before streaming -> shadow ban on blacklist hits Layered. Boring. Effective.