Prompt Injection

Prompt injection attacks exploit the instruction-following capabilities of large language models (LLMs) by subtly embedding malicious instructions within user prompts, causing the model to deviate from its intended function and potentially reveal sensitive information or perform harmful actions. Current research focuses on developing robust testing frameworks (like fuzzing techniques) and defensive strategies, including prompt tuning and task-specific fine-tuning, to mitigate these vulnerabilities. The significance of this research lies in ensuring the secure and reliable deployment of LLMs in real-world applications, particularly those involving sensitive data or critical tasks, by identifying and addressing these emerging security threats.

Papers

December 21, 2024

The Task Shield: Enforcing Task Alignment to Defend Against Indirect Prompt Injection in LLM Agents
Feiran Jia, Tong Wu, Xin Qin, Anna Squicciarini
Large Language Model Safe Agent Prompt Injection Conversational Assistant Task Alignment Shield Machine Test Time Defense

December 8, 2024

Trust No AI: Prompt Injection Along The CIA Security Triad
Johann Rehberger (Independent Researcher, Embrace The Red)
Artificial Intelligence AI System Appropriate Trust Security Vulnerability Real World Attack Prompt Injection

December 3, 2024

Trust & Safety of LLMs and LLMs in Trust & Safety
Doohee You, Dan Chon
Large Language Model Natural Language Processing Task Human SAFETY Appropriate Trust Best Practice Prompt Injection

December 2, 2024

Improved Large Language Model Jailbreak Detection via Pretrained Embeddings
Erick Galinkin, Martin Sablotny
Large Language Model Pre Trained Jina Embeddings Jailbreak Attack Large Relevance Improvement Text Embeddings LLM Safety Prompt Injection

October 30, 2024

InjecGuard: Benchmarking and Mitigating Over-defense in Prompt Injection Guardrail Models
Hao Li, Xiaogeng Liu
Benchmark Platform Prompt Injection Attack Guardrail Model Prompt Injection Prompt Model Prompt Extraction Benchmark

October 28, 2024

October 18, 2024

Making LLMs Vulnerable to Prompt Injection via Poisoning Alignment
Zedian Shao, Hongbin Liu, Jaden Mu, Neil Zhenqiang Gong
Medical LLM Prompt Injection Attack Prompt Injection Alignment Dataset

October 17, 2024

SPIN: Self-Supervised Prompt INjection
Leon Zhou, Junfeng Yang, Chengzhi Mao
Attack Success Rate Prompt Injection

October 15, 2024

Cognitive Overload Attack:Prompt Injection for Long Context
Bibek Upadhayay, Vahid Behzadan, Amin Karbasi
Context Learning Long Context Adversarial Prompt Cognitive Load Prompt Injection

October 11, 2024

F2A: An Innovative Approach for Prompt Injection by Utilizing Feign Security Detection Agents
Yupeng Ren
Novel Approach Deep Fake Prompt Injection Content Detection

October 9, 2024

Prompt Infection: LLM-to-LLM Prompt Injection within Multi-Agent Systems
Donghyun Lee, Mo Tiwari
Large Language Model Multi Agent System LLM Based Prompt Injection Attack Prompt Injection Malicious Prompt Infection Risk

October 7, 2024

SecAlign: Defending Against Prompt Injection with Preference Optimization
Sizhe Chen, Arman Zharmagambetov, Saeed Mahloujifar, Kamalika Chaudhuri, David Wagner, Chuan Guo
Large Language Model Adversarial Prompt Prompt Injection Attack Prompt Injection

September 23, 2024

PROMPTFUZZ: Harnessing Fuzzing Techniques for Robust Testing of Prompt Injection in LLMs
Jiahao Yu, Yangguang Shao, Hanwen Miao, Junzheng Shi, Xinyu Xing
Large Language Model Fuzz Testing Prompt Injection Attack Prompt Injection Malicious Prompt Robust Test

July 3, 2024

Soft Begging: Modular and Efficient Shielding of LLMs against Prompt Injection and Jailbreaking based on Prompt Tuning
Simon Ostermann, Kevin Baum, Christoph Endres, Julia Masloh, Patrick Schramowski
Large Language Model Prompt Tuning Jailbreak Attack Natural Language Prompt Soft Prompt Prompt Injection Novel Shielding Mechanism

June 11, 2024

Knowledge Return Oriented Prompting (KROP)
Jason Martin, Kenneth Yeung
Large Language Model Prompt Injection Attack Prompt Injection LLM App

May 31, 2024

Exfiltration of personal information from ChatGPT via prompt injection
Gregory Schwartzman
ChatGPT Generated Conversation User Base Latent Vulnerability Prompt Injection Attack Personal Information Prompt Injection Data Exfiltration

March 7, 2024

Automatic and Universal Prompt Injection Attacks against Large Language Models
Xiaogeng Liu, Zhiyuan Yu, Yizhe Zhang, Ning Zhang, Chaowei Xiao
Gradient Based Prompt Attack Prompt Injection Attack Prompt Injection