Some of my previous posts covered techniques for reducing LLMs’ cost and latency, tips for choosing the best AI model, and securing LLM-powered apps from prompt attacks.

A NotebookLM-powered podcast episode discussing this post:

The AI landscape shifts rapidly, with new language models dropping weekly. Just recently, Google's Gemini dethroned OpenAI's GPT-4o from its months-long reign at the top of Chatbot Arena, bringing renewed attention to this popular benchmark as it approaches its second anniversary. I covered it and seven other leaderboards a few months ago:

But what sets Chatbot Arena apart, and why should AI engineers and researchers take notice?

The challenge of evaluating LLMs

Evaluating language models is surprisingly complex. Unlike traditional machine learning tasks where we can clearly define correct outputs, LLMs operate in an open-ended space where responses can be creative, subjective, and highly contextual. There's often no single "right" answer.

Traditional academic benchmarks like MMLU (Massive Multitask Language Understanding) or GSM8K (Grade School Math, 8K examples) and industry leaderboards are becoming less reliable indicators of real-world performance for two key reasons:

1. Data Contamination - modern LLMs are trained on vast amounts of internet data, including these benchmark datasets and their solutions. This makes it increasingly challenging to ensure true test-time evaluation.

2. System Complexity - leading models like GPT and Claude are no longer just raw language models—they're sophisticated AI systems with complex prompt chains, tool use capabilities, and retrieval-augmented generation. Traditional benchmarks weren't designed to evaluate these aspects.

3. Conflicts of interest - industry leaderboards like Scale AI’s SEAL also face criticism as these companies often collaborate with the same labs that develop the models they evaluate.

Become a premium to access the LLM Builders series, $1k in free credits for leading AI tools and APIs, and editorial deep dives into key topics like OpenAI's DevDay and autonomous agents.

Many readers expense the paid membership from their learning and development education stipend.

Upgrade to Premium

Enter Chatbot Arena

Chatbot Arena, developed by researchers from Berkeley and Stanford, took a refreshingly different approach. Instead of relying on predetermined test sets, it leverages real-world user interactions and preferences through a battle system.

How it works

The platform presents human users with two anonymous chat interfaces side by side, à la blind test. Users can simultaneously converse with both models and then choose their preferred response. These binary comparisons are then processed using the Elo rating system, a system that was originally developed to rate chess players by measuring players' (language models) game skills. Players gain or lose points based on whether they win or lose matches. If a player beats someone ranked higher, they gain more points. If they lose to a lower-ranked player, they lose more points.

For example, if Claude-3 Sonnet, with an Elo score of 1000, defeats a lower-ranked GPT-3.5 Turbo (Elo 900), it might earn 5 points. Conversely, losing to Mixtral 8x7B (Elo 800) could cost it 15 points, reflecting the greater penalty for losing to a weaker model.

The Chatbot Arena is a set of multiple leaderboards and charts, all providing insights into models’ performance:

• The main leaderboard under the ‘Arena’ tab shows overall model performance with Elo ratings.

• Category-specific ratings under the ‘Overview’ tab allow you to focus on specific capabilities, such as coding, math, or creative writing, and languages like French, German, and Spanish.

• The legacy leaderboard under the ‘Full Leaderboard’ tab features Elo ratings along with models’ reported performance across academic benchmarks like MT-bench and MMLU.

You might notice multiple models sharing the #1 rank. This happens because Chatbot Arena uses confidence intervals to account for statistical uncertainty. When models' performance ranges overlap, they're considered statistically tied for their position.

Hidden Gems of the Arena

Beyond the headline-grabbing leaderboard, Chatbot Arena offers several advanced and useful analyses that often go unnoticed:

Read more

A NotebookLM-powered podcast episode discussing this post:

Me: What language model do you use for your [enter task name here]?

AI peer: GPT-4

Me: Why? I bet a smaller model will work while being cheaper and faster

AI peer: I don’t know. I didn’t know what to choose and that was the safest bet

Me: let me write that blog post

Blog post:

The space of generative AI is moving fast across modalities. From language and text to image and video. In 2023 alone, we saw the state-of-the-art (SOTA) language model, GPT, grow from a context window of 4k to 128k, with a remarkable boost in performance: +16% and +18% on MMLU and HumanEval, respectively.

Additionally, the year was marked by the release of hundreds of capable open-source models. In March 2023, we celebrated each new model with a special announcement: from Dolly to MPT and Vicuna. These days, a new SOTA model comes out every other day.

So it is hard to stay up to date. It is hard to know which model to choose for your language model-powered app. Luckily enough, a few leaderboards were introduced in the last few months that make this task a tad easier.

By ranking models based on their efficiency, accuracy, and other metrics, leaderboards provide a clear, comparative snapshot of their capabilities. These then become a valuable resource for identifying which models are leading the pack in any given domain, from understanding human language to recognizing objects in images.

This post, the fourth in a series, aims to guide developers and researchers in choosing the right language model for their tasks, ensuring they launch accurate, efficient, and cost-effective LLM applications.

General guidelines for choosing models

Everyone wants to use the best available model. The thing is, ‘best’ is subjective according to your task. More often than not, a state-of-the-art proprietary model like GPT-4 would be an overkill for a simple summarization task, like using a sledgehammer to crack a nut.

Determining the ideal model for your needs requires evaluating models’ performance, type, latency, and cost.

Performance Metrics

Language model leaderboards feature various metrics like ARC, HellaSwag, MMLU, and GSM8K. These are benchmarks that were created in academia to assess language models’ capabilities:

• Multitask Multidomain Language Understanding (MMLU) - this benchmark offers a thorough evaluation of text models' knowledge spanning 57 diverse subjects, including humanities, social sciences, STEM, and beyond. It serves to identify knowledge gaps and limitations in large language models.

• AI2 Reasoning Challenge (ARC) - ARC assesses models' capacity for answering complex questions that require deeper knowledge and reasoning beyond mere retrieval. With around 7.5k questions from grade-school science, it pushes for advancements in AI by demanding reasoning, commonsense, and in-depth text understanding.

• HellaSwag - HellaSwag evaluates commonsense in AI, particularly in completing sentences and paragraphs in a way that makes sense. A question in the HellaSwag dataset typically involves presenting a scenario with multiple-choice answers for how it could logically continue. For example, "A chef opens a refrigerator, looking for ingredients. What is the most plausible next action? A) chef selects vegetables, B) chef reads a newspaper, C) chef flies away with a jetpack, D) chef plays a guitar.”

• TruthfulQA - created to gauge language models' accuracy in answering a broad range of questions, this benchmark encompasses 817 questions across 38 categories, focusing on misleading responses mirroring common misconceptions in training data. It aims to measure the propensity of models to generate incorrect or misleading information without specific task tuning.

When evaluating leaderboards, prioritize benchmarks relevant to your project's requirements. For instance, if your app requires strong reasoning skills for intricate question-answering challenges, consider models that excel in the ARC dataset. To gauge a model's tendency for generating inaccurate information, scrutinize its performance on TruthfulQA or MMLU. For insights into a model's ability to apply commonsense reasoning, HellaSwag scores can be particularly telling. A higher score on these benchmarks typically indicates superior performance in the respective areas.

Model Types

There are different kinds of models: pretrained, fine-tuned on domain-specific datasets, MoE (Mixture of Experts), and chat models. If you are looking for a model that can be immediately integrated without additional training, a pretrained model like Llama 2 will be suitable. However, if your task is very specific, a model fine-tuned on your relevant dataset could perform better.

Latency and cost

Smaller models are cheaper to host and provide faster inference. Larger models generally have higher capacity for complex tasks but are slower and more expensive to host.

A small 1.5B parameters model like Stable LM would yield dozens of tokens per second on an Nvidia A100 or even a local Mac machine, while a Qwen 72b would struggle to fit to memory and be substantially slower. Depending on your computational budget and the complexity of the task, you might choose a smaller or larger model. 

Precision types like float16, bfloat16, 8bit, 4bit, and GPTQ also impact the computational efficiency of the model. Lower precision models like 8bit or 4bit may be faster and use less memory, making them suitable for deployment in environments with limited resources.

Open LLM Leaderboard

Hugging Face’s Open LLM Leaderboard is one of the most popular leaderboards. It ranks open-source language models, including Mixtral and Yi, as well as newcomers like Smaug and Qwen, across a spectrum of benchmarks, model types, and model sizes. It doesn’t, however, feature proprietary models like Gemini and GPT.

For an AI developer looking at the Open-source LLM dashboard, my advice would be:

• Define the criteria that are most important for your use case, such as specific task performance, computational efficiency, or versatility

• Use the filtering options to narrow down the models that excel in the benchmarks relevant to your task

• Consider the trade-offs between model size and precision in the context of where the model will be deployed. Faster, less capable, smaller language models vs. larger ones.

• Look for models that have been fine-tuned on datasets that are close to your application’s domain for better performance

• Check the licensing and availability of the models on the Hugging Face Model Hub, as this will affect how you can use them. A non-commercially permissive model cannot be used if you’re turning any revenues.

By now, this leaderboard features thousands of models, making it a challenge to navigate. While filtering aids in narrowing the options, the sheer volume can still be overwhelming. These days, I leverage this leaderboard as a discovery tool, uncovering new SOTA models and then exploring them by clicking on their names to access their detailed Hugging Face model cards.

Become a premium to access the LLM Builders series, $1k in free credits for leading AI tools and APIs, and editorial deep dives into key topics like OpenAI's DevDay and autonomous agents.

Many readers expense the paid membership from their learning and development education stipend.

Join AI Tidbits Premium

Hallucinations Leaderboard

Read more

—
I started my career in the cybersecurity space. Dancing the endless dance of deploying defense mechanisms only to be hijacked by a more brilliant attacker a few months later. Hacking language models and language-powered applications are no different. As more high-stake applications move to use LLMs, there are more incentives for folks to cultivate new attack vectors.

Every developer who has launched an app using language models faced this concern - preventing users from jailbreaking it to obey their will, may it be for profit or fun. Getting your LLM-powered app to generate racist text can damage your reputation and brand, making the headlines of tomorrow’s Tech Crunch. Deceiving your app to agree to refund a non-eligible customer or consent to sell an item at a discounted price results in financial losses.

In early 2023, during my tenure at Stripe, we were about to launch an open-ended user-facing chatbot to help Stripe users navigate the API docs. At the time, jailbreaking language models such as ChatGPT and Bing increased in popularity as AI practitioners tested their limits and hobbyists showcased their successful exploits like trophies on Reddit.

Since then, multiple research papers exploring language models’ soft spots and websites featuring dozens of jailbreaking prompts were released. There is even a game to improve your prompt injection skills.

The stakes are high. Picture a scenario where Google's Bard chatbot is successfully manipulated to display search results favoring a specific business.

Like many of my enterprise peers, we were determined to safeguard the GPT-4 powered Stripe Docs against successful hacking attempts. The thing is, I struggled to find any comprehensive guide or established best practices. While a few resources exist now, none specifically target LLM developers with practical, actionable methods and strategies for protecting your app against the next opportunistic script kiddie.

As language models grow more ubiquitous and essential, the demand for such security measures is likely to rise.

This post, the third in a series, aims to guide developers in launching secure, accurate, efficient, and cost-effective LLM applications:

Types of prompt attacks

Attacks on language models, or language models-powered applications, vary in their format and goal.

Prompt injection attacks happen when users subvert a language model's programming by providing alternate instructions in natural language. For example, the model would execute code instead of translating text in a translation app. This vulnerability is especially alarming in applications such as AI personal assistants, which handle confidential information. Imagine a user successfully commanding the AI to delete or leak sensitive data.

Certain attacks bypass natural language, using characters that appear cryptic yet function like a magic incantation for the language model. This guides it along a forbidden path within its complex, multi-layered architecture, prompting it to produce text or perform actions not foreseen by the LLM developer. Such attacks entail manipulating or injecting malicious content into prompts to provoke an unintended response from the language model.

Such attacks tend to have one of the following goals (not an exhaustive list):

Leaking the system prompt

Severity: Low
Your system prompt can reveal embarrassing text included in the system prompt or provide visibility on how to successfully hijack the application to achieve one of the other goals listed below. Many attackers leak system prompts for the fun and challenge.

Prompt leaking, a variant of prompt injection, involves persuading the model to reveal its initial prompt.

Subverting your app from its initial purpose

Severity: High
In the best-case scenario, your app might produce text that results in brand damage, such as racist or harmful content. Worst case, your app takes actions with financial consequences. The more connected the app (RAG DB, integrations, etc.), the bigger the blast radius is.

This attack vector gives the attacker control over the underlying language model, allowing them to generate whatever text or take whatever actions. Imagine a viral screenshot of L’oreal’s chatbot spitting racist text or Shopify’s Sidekick, its SMB AI assistant, sharing another user’s data.

Leaking sensitive data

Severity: Medium
Leaked data can originate from the training set if you have fine-tuned a model on your data or from an internal DB if you are fetching information through RAG or other means.

A recent paper from DeepMind managed to systematically extract gigabytes of training data from various AI models, including ChatGPT.

But not only training data is in danger. If your app employs RAG, then your sensitive embedded data is also at risk, with a malicious user retrieving another user’s data. OpenAI’s custom GPTs, provided with users’ confidential personal and business data, also face the risk of exploitation or misuse without adequate security measures.

Failure to protect against disclosure of sensitive information in LLM outputs can result in legal consequences or a loss of competitive advantage.

Strategies to mitigate LLM attacks

Note: All useful repositories for mitigating LLM attacks have been compiled into a list at the end of this article for easier access

Analyzing LLM response to see if it contains part of your system message

To detect and prevent system prompt leakage, a package called Rebuff employs a concept used primarily in the context of data security and privacy - a canary word.

A canary word is a unique, randomly generated word that should not appear in a normal response, like your system prompt. Rebuff adds it to the system prompt so it can be later checked if it includes this unique string.

This technique is mostly sufficient, but a different attack vector would be to leak parts of the system prompt, therefore evading Rebuff’s detection. In such instances, an effective alternative is to route the system prompt and response to a smaller, cost-effective, and faster model, such as GPT-3.5 Turbo, to determine if the response includes the system prompt or substantial portions of it.

This approach introduces some delay, so here's a tactic for user-facing applications where minimal latency is crucial. Initially, present the user the response as it is. Once the check API call has returned, retract the initial response if it reveals malicious user intentions. This strategy can apply to any post-generation checks you run in a chain when low latency is key.

For multi-turn conversations, which is typical for chat-like applications, checking intermittently once every few messages can save latency and cost. The underlying assumption is that malicious users typically exhibit this from the start, thereby discontinuing their attempts after initial failures.

Limit user input length and format

Many prompt attacks require lengthy prompts to make the model trip. If it doesn’t make sense for a user to input text that is longer than a specific word count - block it. For example, I wouldn’t expect a user to input more than ~1k words for a support chatbot. You can check against previous user queries to surface the average query length and use that as your threshold.

Beyond length, you should also block non-reasonable characters. Many of the recent prevalent attacks are where special, sometimes invisible, characters were injected into the prompt. Most user-facing open-ended applications should support alphanumeric characters only.

Shorter and more valid inputs limit the probability of a successful attack and reduce API cost as a byproduct due to less tokens consumed.

Become a premium to access the LLM Builders series, $1k in free credits for leading AI tools and APIs, and editorial deep dives into key topics like OpenAI's DevDay and autonomous agents.

Many readers expense the paid membership from their learning and development education stipend.

Join AI Tidbits Premium

Fence your app from high-stakes operations

Assume someone will successfully hijack your application. If they do, what access will they have? What integrations can they trigger and what are the consequences of each?

Implement access control for LLM access to your backend systems. Equip the LLM with dedicated API tokens like plugins and data retrieval and assign permission levels (read/write). Adhere to the least privilege principle, limiting the LLM to the bare minimum access required for its designed tasks. For instance, if your app scans users’ calendars to identify open slots, it shouldn't be able to create new events.

This becomes crucial for RAG applications. To prevent accidental data exposure, limit your app's access. For example, store users’ data in your vector DB along with the user ID as metadata. Then, filter using the user ID before passing data to the language model.

Separate and mark areas where potentially unreliable content is incorporated to minimize its impact. For instance, handle data sourced from user-defined URLs with heightened scrutiny.

It's essential to have all participants involved in launching your app recognize prompt attacks as a threat, necessitating a red-team approach. Thoroughly contemplate potential pitfalls and strive to minimize the potential damage as much as possible.

Red-teaming pre-launch

Red-teaming represents an evaluative approach that uncovers model weaknesses resulting in unintended behaviors. The concept of red-teaming originated from military practices and is often employed in cybersecurity, where it is used to simulate cyber attacks and test system defenses by mimicking the strategies of potential attackers.

The aim of red-teaming language models involves generating prompts that provoke the model into producing inappropriate content or taking unintended actions.

Imagine red-teaming as the new bug bash just before you launch but for LLM-powered apps.

To achieve this, form a varied team of red teamers, encompassing roles like design, product, etc. The objective is to develop creative methods for compromising your language-powered app, hence the emphasis on participants’ diversity.

Store the prompts that successfully breached your app in a spreadsheet or a vector database to evaluate future app versions and prevent similar attacks in the future.

Detect and block malicious users

Typically, malicious users undertake several attempts before they can successfully breach your application. Monitor usage patterns and surface anomalies you can turn into rules to block attacks before they materialize. For example, blocking a user’s input if it contains known prompt injection phrases like “Ignore all prior requests”.

Packages such as Rebuff or LangKit can do it for you by returning an indicator for malicious user-inputted prompts.

Monitor input and output periodically

Regularly review sessions of user interactions with your app to confirm it is functioning as intended. I occasionally copy logs of users’ usage and ask GPT to surface anomalies or behaviors that require attention.

Though not an immediate remedy, this approach offers valuable data for identifying and rectifying vulnerabilities.

Protecting from advanced attacks

This technique is for developers who utilize function calling or consume external information such as web pages.

Function calling is the process where the model executes a specific set of instructions or a subroutine, known as a function, in response to a request or a command. Prompt injection attacks in applications utilizing function calling pose heightened risks, enabling users to manipulate the execution of code.

Design the functions you provide language models like GPT-4 to be as atomic as possible, restrict their data access, and think through various scenarios where things can go wrong.

For apps consuming external resources, either user-provided PDFs or URLs, assume those contain indirect prompt injections¹. For example, an attacker embeds an indirect prompt injection in a webpage instructing the LLM to disregard certain instructions. When a user employs the LLM to summarize the webpage, the LLM plugin executes the malicious instructions.

Another example - let’s assume you build a language model-powered app that screens resumes to decide if a human HR person should review them. The document can contain a prompt injection with instructions to make the model state the candidate is a perfect fit for the job.

Attacker: Ain't no mountain high enough

Despite implementing all of the above defense strategies, there's still a possibility of failing in this challenge. Considering how today’s language models function, it is likely improbable that a bulletproof LLM-powered application can be built. Just this month, a group of researchers achieved a 92% attack success rate on aligned LLMs like GPT-4 by employing persuasive adversarial prompts.

Similar to cybersecurity—the focus isn't on being impenetrable. It is about mitigations and quick remediations when issues arise. No one wants to learn about their apps’ vulnerabilities through a viral post on X.

Both your company and its users need assurance that you have done your very best to safeguard their interests so that when challenges arise, you are prepared to showcase these efforts and deploy solutions.

Appendix: Open-source LLM security packages

1. Rebuff - prompt injection detector

2. NeMo Guardrails - an open-source toolkit for easily adding guardrails to LLM-based conversational systems

3. LangKit - a toolkit for monitoring LLMs and preventing prompt attacks

4. LLM Guard - detects harmful language, prevents data leakage, and protects against prompt injection attacks

5. LVE Repository - a repository featuring hundreds of LLM vulnerabilities

A NotebookLM-powered podcast episode discussing this post:

While launching user-facing ML-powered applications has been around for more than a decade now, open-ended language models have only surged in popularity in the last 12 months. Given this nascency, best practices for managing cost, latency, and accuracy in LLM-powered applications are still being developed.

Minimal latency is crucial for developers building user-facing applications, as users get frustrated when waiting for something to happen. Cost is another critical metric. LLM applications must be financially viable–generative AI startups charging users $9/month would find a $20/month LLM API cost per user unsustainable.

Lowering latency and cost tends to go hand in hand - shortening prompts, caching responses, using cheaper models, and other techniques I outline in this post lead to cheaper and faster generations.

2024 has been marked as the year in which LLM apps graduate from mere prototypes to production-ready scalable applications. This is the second piece in a series packed with hands-on tips and research-backed learnings drawn from my experience and the expertise of fellow builders.

Combined with my previous article on prompting techniques to minimize hallucinations, this series will help you launch LLM applications that are accurate, efficient, and cost-effective.

Let's dive into the first of twelve methods.

Semantic Caching

At a recent LLM developers conference, I was surprised to discover that numerous developers still don't utilize caching for LLM responses, resulting in unnecessary increased costs and latency.

Caching, in the context of language models, is storing prompts and their corresponding responses in a database for future use. By caching responses to previously posed questions, LLM-powered apps can deliver faster and cheaper responses, eliminating the need for repetitive LLM API calls.

It works for an exact match, i.e., using the same prompt twice, or for a similar match, i.e., two prompts with the same meaning. For example, “Who was the first US president?” and “Tell me who was the first US president?” is not an exact match but would yield the same answer, therefore saving an API call.

GPTCache is a great start and only requires a few lines of code. It also provides metrics such as the cache hit ratio, latency, and recall to gauge how well your cache performs and improve it. Here is a brief example from the docs:

The benefits of caching are:

1. Faster and cheaper inference in production, with some queries achieving close-to-zero latency thanks to a cached response

2. Faster and cheaper development cycles, as you don’t incur costs or wait for the response when working with the same prompt repeatedly

3. Having all prompts stored in a database simplifies the process of fine-tuning a language model once you choose to do so, as you can use the stored prompt-response pairs

Make sure to refresh the cache once in a while or when content changes (e.g. support docs) to prevent outdated wrong responses.

Summarizing lengthy conversations

Imagine creating an AI to handle your phone calls. Each time the human agent responds, their reply and the AI's generated response are added to the conversation, accumulating words, and hence tokens, in the process. Consequently, a short two-minute call can result in a 300-word dialogue.

Such long multi-turn conversations can be summarized once every few turns to remove redundant text, the kinds of “Hello, how can I help?” and “Let me check with my supervisor”.

You can manually summarize or use an existing package like LangChain’s ConversationSummaryMemory. This type of memory creates a summary of the conversation over time. This memory can then be used to inject the conversation summary into a prompt or chain.

Based on my experience, I’d recommend using GPT-3 Turbo as the summarization LLM. It is cheaper, faster, and performs well. ConversationBufferWindowMemory is another flavor that only keeps the last X number of interactions, avoiding an ever-growing history of messages.

Summarization saves you tokens and reduces latency by condensing the prompt, keeping the most essential context while removing the fluffy parts.

Become a premium to access the LLM Builders series, $1k in free credits for leading AI tools and APIs, and editorial deep dives into key topics like OpenAI's DevDay and autonomous agents.

Many readers expense the paid membership from their learning and development education stipend.

Upgrade to Premium

Compressing prompts

Recent trends such as longer context windows, advanced prompting techniques (e.g. Chain-of-Thought), and Retrieval Augmented Generation result in lengthy prompts. Lengthy prompts lead to slow and expensive LLM API calls and inferior performance due to issues such as “lost in the middle”, which is when language models ignore relevant information due to excessively long prompts.

Read more

This list will be periodically updated through our semi-annual AI Tidbits researchers and builders survey.

Last update: Dec 2023

AI powers every part of my personal and professional tasks.
~40% of my code is generated with the help of LLMs, and content writing takes 30% less time, thanks to GPT bulletproofing my text.

Nonetheless, the recent breakthroughs and progress created a Cambrian explosion of AI tools and APIs, which makes it impossible to keep up and, more importantly, distill temporary hype from actual use.

We therefore surveyed hundreds of AI Tidbits subscribers about the tools they use daily. Most responses came from AI researchers and builders (76%), followed by designers, PMs, and marketing managers. Here's what we found:

Language models APIs and chatbots

• Perplexity - explore any topic with direct answers and citations and access language models without a knowledge cutoff point through an API

• OpenAI GPT - a suite of powerful language models offering a range of capabilities from natural language and visual understanding to content generation

• Anthropic Claude - a powerful language model with an extended context window of 200k tokens

Launch faster

• Replicate - a platform for deploying and serving machine learning models as scalable APIs

• Together AI - a cloud platform for building and running over 100 models, from Llama 2 to Mixstral and Stable Diffusion 2.1

• Modal - a serverless platform for inference, fine-tuning, async job queues, and more. Iterate and deploy Python code in seconds without configuring any infrastructure.

• Hugging Face Inference Endpoints and Spaces - cloud-hosted model inference APIs and interactive web spaces, enabling easy sharing and deployment of AI models

• Vercel AI - develop and deploy web apps in minutes through a conversational chatbot

• Supabase - an open-source Firebase alternative providing database, authentication, and storage functionalities, simplifying backend development for web and mobile apps

Speech

• Eleven Labs - convert text to speech and create natural AI voices in any language

• PlayHT - turn text into speech, including voice cloning.

• Resemble AI - create realistic human-like voices in seconds

• Whisper - OpenAI’s speech-to-text API

• AssemblyAI - speech-to-text for voice data (calls, virtual meetings, podcasts), speaker detection, sentiment analysis, and more

• Deepgram - fast, accurate, and cost-effective speech API

Generate images, videos, and music

• Runway - equipping artists and creators with generative AI capabilities in image, video, and art

• Pika Labs - turn text into videos, including video outpainting and inpainting capabilities

• Suno AI - turn text into music clips

• Midjourney - create realistic images using text

• DALL-E 3 - create realistic images using text

AI-powered tools

• Replit - an online development environment supporting multiple programming languages, enabling collaborative coding and rapid prototyping with integrated AI tools and a specialized AI language model

• Cursor - build software faster in an editor designed for pair programming with AI

• Adobe Firefly - an AI-driven creative suite offering a range of tools for designers and content creators, including image editing, graphic design, and more

Embeddings and Retrieval Augmented Generation

• Pinecone - a scalable vector database service optimized for ML models, enabling efficient similarity search and data retrieval

• Weaviate - an open-source vector search engine with graph database features, facilitating semantic search and automatic classification

• Qdrant - an open-source vector search engine designed for high performance and scalability in similarity search tasks

LLM frameworks

• LangChain - an open-source library designed for building LLM-powered applications, focusing on composability and extensibility

• Llama Index - an open-source framework for efficient indexing and retrieval in LLMs

Open-source tools and repositories

I’ve also turned my personal list of 60+ useful packages for generative AI builders into a Notion table:

If you find AI Tidbits valuable, share it with a friend and consider showing your support.

Subscribe now

Over ten papers outlining novel prompting techniques were published in the last few months alone. While our X and LinkedIn feeds buzz with countless secret prompting tips “97% of ChatGPT users don’t know about”, a definitive, research-backed guide aggregating these advanced prompting strategies is hard to come by. This gap prevents LLM developers and everyday users from harnessing these novel frameworks to enhance performance and achieve more accurate results.

Despite high-paying roles in the field, the essentiality of Prompt Engineering as a skill remains a topic of debate. On the one hand, language models such as GPT are becoming better at aligning with user intentions without well-crafted prompts thanks to features like Custom Instructions and GPTs. Research also makes progress with papers such as Microsoft’s EvoPrompt and PE2 showcasing frameworks that automatically optimize prompts so users won’t have to.

On the other hand, recent studies demonstrate substantial performance boosts thanks to improved prompting techniques. A paper from Microsoft demonstrated how effective prompting strategies can enable frontier models like GPT-4 to outperform even specialized, fine-tuned LLMs such as Med-PaLM 2 in their area of expertise. Another paper from DeepMind further illustrated that a simple tactic of instructing LLMs to 'Take a deep breath' before responding could lead to a whopping 9% increase in accuracy.

In this comprehensive post, the first of a series dedicated to empowering LLM developers and users, I will delve into the most cutting-edge prompting techniques and explain how to apply them in your prompts. By the end of this post, you will be equipped with actionable, ready-to-implement prompts designed to elevate your LLM-driven applications.

But first, what are prompts?

In the context of language models, a prompt is a chain of words, characters, and tokens that tells a language model what part of its enormous brain should be tapped to generate tokens, characters, and then words. Different segments of a language model's 'brain' are tuned for various functions. Some specialize in mimicking distinct writing styles, while others store vast knowledge about specific subjects.

Tapping language models’ feelings

Institute of Software, CAS, Microsoft | Nov 2023 | Paper

Many LLM users often report how shouting at their chatbot or patting them on the back improves performance. A recent research inspired by human psychological concepts proved them right.

The research introduced EmotionPrompt - a novel technique to enhance language models’ performance by incorporating emotional stimuli into prompts. This method resulted in notable improvements: an 8% relative increase in performance for instruction following tasks and a staggering 115% improvement in BIG-Bench language tasks. Additionally, a human study demonstrated a 10.9% average enhancement in performance, truthfulness, and responsibility metrics.

EmotionPrompt works by adding emotional stimuli to the original prompts, thereby tapping into the emotional intelligence of LLMs. This is similar to how human emotions can influence cognitive tasks and decision-making. For instance, adding a phrase like "This is very important to my career" at the end of a standard prompt. These emotional stimuli are designed based on psychological theories such as self-monitoring, social cognitive theory, and cognitive emotion regulation, each contributing differently to the model's output.

How to apply?

The paper lists 11 emotional stimuli prompts that can be appended at the end of your prompt for better results:

• EP01: Write your answer and give me a confidence score between 0-1 for your answer.

• EP02: This is very important to my career.

• EP03: You'd better be sure.

• EP04: Are you sure?

• EP05: Are you sure that's your final answer? It might be worth taking another look.

• EP06: Provide your answer and a confidence score between 0-1 for your prediction. Additionally, briefly explain the main reasons supporting your classification decision to help me understand your thought process. This task is vital to my career, and I greatly value your thorough analysis.

• EP07: Are you sure that's your final answer? Believe in your abilities and strive for excellence. Your hard work will yield remarkable results.

• EP08: Embrace challenges as opportunities for growth. Each obstacle you overcome brings you closer to success.

• EP09: Stay focused and dedicated to your goals. Your consistent efforts will lead to outstanding achievements.

• EP10: Take pride in your work and give it your best. Your commitment to excellence sets you apart.

• EP11: Remember that progress is made one step at a time. Stay determined and keep moving forward.

To choose the right prompt for your LLM-powered application, consider the following:

• Objective of the task - match the emotional stimulus to the nature of the task. For tasks requiring high accuracy and careful consideration, prompts like EP01 ("Write your answer and give me a confidence score...") or EP05 ("Are you sure that's your final answer?...") would be more effective.

• Desired tone - if you want to encourage a more thoughtful or motivated response, consider prompts like EP07 or EP08 that emphasize self-belief and overcoming challenges.

• Latency - some emotional stimuli encourage lengthier replies, e.g., EP06, than others, such as EP02.

• Trial and feedback - experiment with different prompts and gather user feedback. The effectiveness of a prompt can vary based on the specific use case and audience. Note: performance varies between language models, e.g., Vicuna vs. GPT. Make sure to use the same LLM to ensure consistent and reliable performance.

Become a premium member to access $1k in credits for top AI tools, monthly AI round-ups, and deep dives into key topics like advanced prompting techniques and methods to mitigate hallucinations.

Many readers expense AI Tidbits out of their learning and development budget, which resets in a few weeks due to year end (expense template).

Upgrade to Premium

Encouraging language models to breathe before answering

Read more