DEV Community: snehaup1997

Mutlimodal AI

snehaup1997 — Mon, 13 Oct 2025 14:21:00 +0000

Prompt Engineering vs Prompt Tuning

snehaup1997 — Thu, 18 Sep 2025 07:48:58 +0000

We’re living in the era of large language models (LLMs) — and the way we interact with AI has completely changed. Instead of writing algorithms line by line, we now talk to our machines. We guide them, not through code, but through prompts — simple lines of text that can unlock incredibly complex behaviors.

It’s a bit like having a conversation with intelligence itself. Whether you’re a machine learning engineer building custom tools or an experimenting data scientist, you’re already shaping how AI thinks and responds through your choice of words. This process, known as prompt design, is quickly becoming one of the most important skills in modern AI development.

As this space evolves, two main approaches to customizing LLMs have taken the spotlight: Prompt Engineering and Prompt Tuning. Both aim to get the best out of AI models — to make them faster, smarter, or more reliable — but they work in very different ways. Prompt Engineering is about crafting better instructions, while Prompt Tuning goes under the hood, adjusting how the model itself interprets those instructions.

So that brings us to the big question: where does the real power lie? Is it in the creativity of the prompt, or in the precision of the tuning?

Let’s dig a little deeper and break down the basics before we decide.

Prompt Engineering — the art of conversation; is all about how you talk to the model. Think of it as crafting the perfect question or instruction to get the answer you want. It’s less about code and more about communication. It's the art (and science) of writing effective instructions, examples, and contextual clues in natural language.

A good prompt can completely change the outcome. A vague prompt might leave the model confused, while a well-structured one can lead to precise, insightful, or even creative results. You can think of it as teaching by example — you show the model what kind of response you expect through tone, structure, and context. For instance,

✅ Prompt: Summarize this article in 2 sentences. Be concise but cover key facts.
❌ Prompt: Make this shorter.

It’s quick, flexible, and doesn’t require retraining the model. That’s why prompt engineering has become the go-to approach for most users — it’s accessible to anyone who can think clearly and ask good questions. You can experiment freely, iterate quickly, and often get surprisingly strong results without touching the underlying model. But, like any tool, it has its limitations. Prompt engineering can be brittle and inconsistent — even small changes in wording can lead to drastically different outputs. It can be challenging to scale or automate for large workloads, and when it comes to highly specialized tasks or adapting to specific domains, it sometimes struggles to produce reliable results.

In short, prompt engineering is a bit like “command-line AI.” It’s fast, lightweight, and perfect for prototyping, experimentation, or casual use — but it’s not always robust enough for complex, high-stakes, or large-scale applications. And that’s where Prompt Tuning enters the picture. When crafting the perfect prompt isn’t enough, prompt tuning lets you go a step deeper — shaping the model’s behavior from the inside out. Instead of just telling the AI what to do, you’re influencing how it thinks and responds, making it more consistent, reliable, and tailored to your specific needs.

Prompt Tuning - fine tuning under the hood; is a more technical, machine-learning–centric approach. Rather than writing natural language instructions, it works by creating task-specific “soft prompts” — essentially trainable embeddings that are prepended to the input tokens of an LLM. These embeddings guide the model toward the desired behavior without changing all of its parameters. In fact, unlike full fine-tuning (which updates every parameter in the model), prompt tuning often adjusts less than 1% of the model’s weights, making it lighter, faster, and easier to manage.

Think of it as giving the AI a kind of memory or personality. Even if you phrase your prompts differently, the model retains its trained behavior.
The trade-off is that prompt tuning requires a bit more technical know-how than prompt engineering. You need to understand how to train the soft prompts, select good example data, and integrate them effectively. But in return, you get an AI that is reliable, repeatable, and highly specialized, capable of handling complex tasks without depending solely on carefully worded prompts.

Suppose a company wants an AI that drafts customer support emails in a friendly yet professional tone. With prompt engineering, you’d have to carefully phrase every prompt to maintain the tone. With prompt tuning, you train the model on a few examples of the desired tone, and then it consistently produces emails in that style, even when the input varies.

So, when should we use prompt engineering — and when prompt tuning?

Prompt Engineering excels at experimentation and exploration. Prompt Tuning shines in precision and production. Both have their strengths — but their real value depends on the context. The table below summarizes how they stack up in practice:

Use Case	Preferred Approach	Reason
Rapid prototyping, exploration	Prompt Engineering	Faster iteration, no training needed
Domain-specific style enforcement, scaling	Prompt Tuning	Stable behavior, predictable output
Resource-constrained deployment	Prompt Tuning	Minimal parameter updates, lower memory cost
High-stakes tasks (legal, medical)	Prompt Tuning (or full fine-tuning)	Harder to “break” via prompt variation

Striking the Balance
Most powerful results rarely come from using just one approach. The magic often happens when both are combined as the hybrid approach allows creativity upfront and consistency downstream. By blending the two, you can move from a trial-and-error experimentation to a polished system that scales beautifully -_ prompt engineering is the conversation, the examples, the guidance you provide in real time and prompt tuning is the memory — the part that remembers and applies those lessons consistently. Together, they create an AI that is both *responsive and dependable.

Red Teaming for Responsible AI

snehaup1997 — Mon, 30 Sep 2024 15:19:37 +0000

As artificial intelligence (AI) technologies continue to evolve at an unprecedented pace, ensuring their responsible development and deployment becomes crucial. Along with AI's potential to bring about significant change comes the responsibility to confront different vulnerabilities and ethical considerations that may arise.

"Red Teaming", an effective strategy for ensuring AI systems are robust and ethically sound involves simulating potential threats and challenges to reveal weaknesses, providing a deeper understanding of how AI systems perform under adverse conditions. In this article, we will explore the concept of red teaming in detail, highlighting its significance within the broader framework of responsible AI.

What is Red Teaming?

Red teaming originated in military strategy as a method to test defenses by simulating an adversary's tactics. This concept has evolved and been adapted across various fields, most notably in cybersecurity, where red teams conduct simulated attacks to identify vulnerabilities in systems. In the context of artificial intelligence, red teaming involves assessing AI models & systems to uncover potential flaws, biases, thereby preventing unintended consequences. By simulating various scenarios that could challenge the integrity and functionality of AI, red teaming provides a rigorous framework for evaluating the reliability and ethical considerations of these technologies, ultimately contributing to their responsible development and deployment.

Red Teaming vs Penetration vs Vulnerability Assessment

Red teaming, penetration testing, and vulnerability assessment are distinct approaches to evaluating security, each serving specific purposes. Red teaming simulates real-world attacks to identify and exploit vulnerabilities, providing a comprehensive view of an organization's security posture and testing its defenses under realistic conditions. Penetration testing focuses on actively probing systems for weaknesses, often with defined scope and limitations, to assess the effectiveness of security measures. Vulnerability assessment, on the other hand, involves identifying and classifying security weaknesses within a system or network, usually through automated tools, without actively exploiting them.

In summary, red teaming provides a holistic and adversarial view of an organization's security, penetration testing focuses on targeted exploitation within defined boundaries and vulnerability assessment offers a broad overview of potential weaknesses without active testing.

Why is Red Teaming Important for AI?

There are several key reasons why red teaming is essential for AI; namely -

Identifying Vulnerabilities: AI systems can harbor hidden biases or vulnerabilities that may lead to unintended harm. Red teaming helps uncover these issues before the technology is deployed.

Example: While assessing an AI recruitment tool, red team finds that the model favours candidates from certain universities due to biases in historical data, risking unfair hiring practices. By identifying this issue, they recommend adjustments to the training data and algorithm, promoting fairness and inclusivity in hiring.

Enhancing Security: By simulating potential attacks, red teams can help organizations strengthen the security of their AI systems against malicious actors.

Example: A financial institution uses an AI algorithm to detect fraud. The red team simulates an attack with crafted transaction data and discovers the AI misses certain fraudulent patterns. With these insights, the organization updates the model to include diverse scenarios, enhancing its defenses and improving fraud detection.

Promoting Ethical Use: Red teaming can reveal ethical dilemmas or harmful implications of AI systems, ensuring that their deployment aligns with societal values and standards.

Example: A healthcare provider develops an AI tool to prioritize patient treatment. The red team finds that the algorithm favors younger patients, raising ethical concerns. By addressing this, the organization adjusts the model to prioritize treatment based on medical need, ensuring fairness and adherence to ethical standards in patient care.

Improving Trust: Demonstrating that an AI system has undergone thorough scrutiny can enhance public trust in AI technologies, leading to broader acceptance and use.

Example: A city implements an AI system for traffic management. After addressing the issues discovered by red team, the city publicly shares the results of the testing and the measures taken. This transparency demonstrates the system's reliability and fairness, leading to increased public confidence in the technology, encouraging its acceptance for use in urban planning and management.

How Does Red Teaming Work?

Red teaming consists of several key steps, starting with defining objectives that set clear goals, such as testing for biases or security vulnerabilities. Following this, red teams simulate scenarios that mimic potential attacks, challenging the AI with atypical data inputs. After conducting these tests, the outcomes are analysed and findings are compiled into a report, which include recommendations for mitigating identified risks. The assessment concludes with the red teaming collaborating with the AI development team to implement necessary changes based on their findings.

Types of Attacks in AI Red Teaming

AI red teams utilize various tactics to assess the robustness of AI systems. Common attack vectors include:

Prompt Attacks: Designing malicious prompts to manipulate AI models into producing harmful or inappropriate content.
Data Poisoning: Inserting adversarial data during the training phase to disrupt the model's behavior.
Model Extraction: Attempting to steal or replicate the AI model, which can lead to unauthorized use.
Backdoor Attacks: Modifying the model to respond in a specific manner when triggered by certain inputs.
Adversarial Examples: Crafting input data specifically to mislead the AI model.

Red Teaming Assessment Tools

The market for red teaming assessment tools is diverse, offering various solutions to enhance the security and ethical use of AI systems. Tools like Burp Suite and OWASP ZAP focus on web application security, while Google Cloud AutoML and IBM Watson OpenScale address biases and performance monitoring in AI models. Platforms like HackerOne enable organizations to crowdsource red teaming efforts, bringing in external expertise. By leveraging these tools, organizations can proactively identify vulnerabilities and biases, ensuring their AI applications are secure, reliable, and aligned with ethical standards.

Challenges and Considerations

Effective red teaming requires skilled personnel and resources, which can be challenging for smaller organizations. Organizations must balance transparency with security to safeguard against vulnerabilities.

Responsible AI 101

snehaup1997 — Mon, 30 Sep 2024 15:13:19 +0000

The conversation about Responsible AI has gained considerable momentum across different sectors, yet a universally accepted definition is still hard to pinpoint. Many people view RAI mainly as a tool for risk mitigation, but its reach goes much further. It involves not only managing risks and complexities but also the capacity to transform lives and improve experiences.

This article explores key principles that ensure AI technologies are developed and deployed ethically.

Core Principles of Responsible AI

Responsible AI practices focus on fairness, accountability, transparency, and privacy, ensuring that AI systems operate without bias, honor user rights, and are held accountable for their outcomes.

Let us understand these principles in the scenario of Hiring Algorithms.

a. Fairness:
AI systems must be designed to treat all individuals and groups fairly by identifying and addressing biases in training data to prevent discrimination based on any protected characteristics. Incase of a Hiring Algorithm the AI needs to be trained on a variety of datasets to prevent it from favoring any particular demographic, such as selecting candidates solely based on specific genders or backgrounds due to historical successes or other trends.

b. Transparency:
A hiring algorithm assesses candidates using specific criteria, but applicants are not informed about how these criteria are set. To improve transparency, the company could publish an internal report on the algorithm's operations and criteria, preparing the organization to address any applicant challenges regarding the decision-making process.

c. Accountability:
Organizations should be ready to address the effects of their AI decisions and have processes in place for recourse. If a candidate is unfairly rejected due to biased algorithmic decisions, there should be a clear grievance process.

d. Privacy:
Respecting user privacy is paramount. During the hiring process information like LinkedIn profiles maybe required. To safeguard privacy, the company should restrict the algorithm's data collection to what is essential and ensure that information is securely stored and used.

e. Inclusivity:
A hiring algorithm that focuses more on experience than potential might miss promising candidates. Designing algorithms that consider diverse candidate backgrounds and experiences, help create a more representative hiring process.

f. Robustness:
If an algorithm is meant to identify the best candidates but struggles with unconventional profiles, it may lead to poor results. To improve its robustness, the company could perform tests to see the algorithm's adaptability.

Git-it!

snehaup1997 — Mon, 09 Oct 2023 11:33:55 +0000

Git is a version control system that developers use all over the world. It helps you track different versions of your code and collaborate with other developers.

If you can read only one chapter to get going with Git, you've come to the right place. This blog includes all the fundamental commands that cover most of the tasks you will be doing with Git. Once you finish reading this, you will be capable of setting up and initializing a repository, tracking files, and making commits.

git clone [repo_url]:
Creates a copy of a remote Git repository on your local machine.
git init:
Creates an empty Git repository or reinitializes an existing one
git add [name_of_modified_file] or git add . :
The specified file or all files in case of a dot are stages for commit
git commit -m "your commit message":
Commits the staged changes with the mentioned message.
git checkout [your_branch_name_goes_here]:
Switches to the specified different branch.
git status:
Shows the status of your working directory. This including changes and untracked files.
git pull:
Merged latest changes from a remote repo into the current branch.
git push:
Pushes your local commits to a remote repository.
git log:
Displays a log of all commits in the current branch.
git branch:
Lists all branches in your repository and highlights the current one.
git merge [branch_name]:
Merges changes from one branch into another.
git stash:
It temporarily saves the changes that are not ready to be committed yet
git diff [file]:
Enlists differences between working directory & last commit.
git remote add [name] [repository_url]:
Adds a remote repository with a specified name.

Memory management in JAVA

snehaup1997 — Fri, 06 Oct 2023 11:47:43 +0000

Picture yourself with a bottle of water that you consume from throughout the day. It is inevitable that unless you replenish the bottle, there will come a point in the day when it will be completely devoid of water. This concept also applies to memory and anything else that has a limited lifespan.

JVM designates memory whenever we create new variables, objects, call a method. If we mindlessly just keep on using memory without freeing it, we are bound to encounter a java.lang.OutOfMemoryError exception. Usually, this error is raised when there is not enough space in the Java heap to allocate an object. It can also occur when there is a lack of native memory to support class loading. The solution - Memory management

Memory management refers to the process of assigning resources for new objects & removing unused objects to free up space for new allocations. In Java, memory management is handled automatically, eliminating the need for us to implement intricate logic in our application code.

Understanding the key features of Java like platform independence, object life cycle, concurrency, security, libraries, memory management etc. allow us to maximize its offerings and also write clean and efficient code. Additionally, as JVM is the foundation for other Java-based programming languages, acquiring knowledge about Java internals assists in working with those programming languages.

Having set the context, let's understand various blocks of memory in Java.

Stack Memory is responsible for static memory allocation & executing threads. Whenever a new method is called, a new block is added on top of the stack, containing specific values for that method. After the method finishes executing, its corresponding stack frame is cleared & the program returns to the calling method.

Advantages :

Each thread has its own stack area in stack memory, ensuring thread safety.
Memory allocation and deallocation processes are faster.
Accessing stack memory is quicker.

Disadvantages :

Stack memory is fixed and cannot be resized once created.
It follows a Last-In-First-Out (LIFO) approach, making random access impossible.
Lacks scalability and flexibility.

Heap in Java is a shared chunk of memory that is created when the JVM starts up. It can be fixed or variable & does not need to be contiguous. It is used for dynamically allocating memory for Java objects and JRE classes during the execution of a Java program & is divided in three generations: young, old & permanent generation.

Young generation is where newly created objects are allocated. It consists of three sub-parts: Eden, Survivor1, and Survivor2. Objects are initially allocated in Eden. When Eden becomes full, a minor garbage collection occurs and the live objects are moved to Survivor1, and then to Survivor2. Therefore, we can say that Survivor1 and Survivor2 hold objects that survived the minor garbage collection.

Objects allocated in the young generation are assigned an age, and when that age is reached, they are moved to the old generation. Typically, long-surviving objects are stored in the old generation. A major garbage collection is performed on the old generation to collect dead objects.

The permanent generation is used by the JVM to store metadata about classes and methods, including the Java standard libraries. This space is cleaned during a full garbage collection.

Advantages :

It is not fixed in size and can grow and shrink as needed.
Allows for random access.

Disadvantages :

It is shared across threads therefore not thread-safe.
Accessing heap memory is slower compared to other.
Process of allocating and deallocating memory in the heap is more complex compared to stack memory.

Having understood the java memory model let's now delve into the concept of garbage collection (gc), the feature that enables java to manage memory automatically and efficiently. The aim of gc is to find unused objects and then eliminate or delete them in order to free up memory. An object is considered eligible for Garbage Collection under the following conditions:

It is not being used by any program or thread.
It has no static references or the references are null.
The object is created within a block and once the control exits that block, the reference goes out of scope.

GC is controlled by a thread known as the Garbage Collector. Java provides two methods, System.gc() and Runtime.gc(), for sending requests to the JVM for garbage collection. It is important to remember that this is merely a request and it is not guaranteed that garbage collection will occur. When the garbage collector removes an object from memory, it first calls the finalize() method of that object before removing it.

Garbage collection in Java employs a mark-and-sweep algorithm.

When a Java object is created in the heap, it initially has a mark bit set to 0 (false). During the mark phase, the garbage collector traverses object trees starting from their roots. If an object is reachable from the root, its mark bit is set to 1 (true). Objects that are unreachable will have their mark bits remain unchanged. During the sweep phase, the garbage collector scans the heap, reclaiming memory from all items with a mark bit of 0 (false).

Software Architecture as I know [always a WIP ;)]

snehaup1997 — Thu, 27 Oct 2022 15:52:19 +0000

Software architecture serves as a blueprint for a system. It is the organization of a system which includes all components - their interaction, operation with each other, environment, design principles used and the decisions made.

Why is it important?
Software architecture is the foundation of a software system which has a profound effect on the quality of what is built on top of it. A proper foundation yields number of benefits whereas sub-optimal decisions may later cause development, security, performance, scalability & maintenance concerns.

Different types of architecture patterns
Some common examples of architecture styles include Monolithic application, Layer based, Client-server pattern, Event-driven, Microservices etc.

Each pattern pertains to specific characteristics and behavior - some contribute to scalability whereas others are more agile. Knowing these strengths & weaknesses of each architecture pattern is necessary to choose the one that meets your use case.

Layered Architecture

Layered architecture (also known as the N-tier architecture) is the de-facto standard for designing majority of software. Here the codebase is separated into layers - each with a specific role & independent of the other.

Challenges/Limitations:

Defending boundaries.
Tight coupling leading to complex interdependencies.
Without proper coordination between team members, source code can turn into a mess.

Microkernel Architecture

Microkernel pattern has two major components - a core system and plug-in modules. The core handles fundamental and minimal operations whereas the plug-in modules handle the extended functionalities. IDEs are the best example for this pattern.

Challenges/Limitations:

not highly scalable.
changes to core system will result in changes to plug-ins.

Event-driven Architecture

EDA enables an application to detect “events” like mouse hovers, button clicks and act on them. This asynchronous communication replaces the request/response architecture where services would have to wait for a reply before moving onto the next.

Challenges/Limitations:

Complexity of implementation
Anticipation of the unknown
Error-Handling

Microservices Architecture

In microservices architecture the application is developed as a collection of services which are loosely-coupled, fine-grained & communicate via lightweight protocols. This makes additions of features and modification of existing ones independent of others.

Challenges/Limitations:

Increased development time
Limited reuse of code

Pattern Analysis

A good software architecture should facilitate scalability, agility, addition of new features, integration with external APIs & easily maintainable.

Attached below is a table enlisting key attributes of each of the architecture pattern discussed that can help you determine which pattern to select based on your use case.

Common Gateway Interface (CGI)

snehaup1997 — Thu, 27 Oct 2022 14:29:27 +0000

Providing the middleware between servers, external databases and information sources, a gateway interface is the mode in which the web application interacts with the external world.

On typing https://dev.to/ your browser would redirect you to the homepage of DEV. But is that all you really use the web for?

As you traverse further in the world of World Wide Web, you'll come across documents that make you wonder, "How did they do this?"

In this example, there are two pieces of dynamic information: the alphanumeric address (IP name) of the remote user and the load average on the serving machine. This is a very simple example but how was it done?

A more common use case would be forms. when a user fills out a form on a Web page and sends it in, it usually needs to be processed by an application program. The Web server typically passes the form information to a small application program that processes the data and may send back a confirmation message. This method or convention for passing data back and forth between the server and the application is called the common gateway interface (CGI). It is part of the Web's Hypertext Transfer Protocol (HTTP).

CGI turns the Web from a simple collection of static hypermedia documents into a whole new interactive medium, in which users can ask questions and run applications