Not What You Have Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection

Authors: Kai Greshake, Saif Abdelnabi, Shrihari Mishra, Christoph Endres, Thorsten Holz, Mario Fritz (2023)

arXiv: 2302.12173

Domains

Safety

TLDR (English)

Reveals indirect prompt injection attacks: adversaries control external data processed by LLM applications (web pages, emails, documents) to inject malicious instructions and hijack application behavior. Demonstrates attacks on Bing Chat, GitHub Copilot, and other real applications.

TLDR（中文）

揭示了间接提示注入攻击：攻击者通过控制 LLM 应用处理的外部数据（如网页、邮件、文档）来注入恶意指令，从而操控应用行为。展示了 Bing Chat、GitHub Copilot 等真实应用中的攻击场景。

Related Papers

Other papers in the same domain

• OpenAI o1 System Card OpenAI (2024)
  ReasoningSafety
• Constitutional AI: Harmlessness from AI Feedback Yuntao Bai et al. (2022)
  AlignmentSafety
• Red Teaming Language Models to Reduce Harms: Methods, Scaling Behaviors, and Lessons Learned Deep Ganguli et al. (2022)
  SafetyEvaluation
• Extracting Training Data from Large Language Models Nicholas Carlini et al. (2021)
  Safety
• bai2022-hh
  AlignmentSafety
• perez2022-redteaming
  SafetyEvaluation