Not What You Have Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection

作者： Kai Greshake, Saif Abdelnabi, Shrihari Mishra, Christoph Endres, Thorsten Holz, Mario Fritz (2023)

arXiv： 2302.12173

领域

安全

TLDR（中文）

揭示了间接提示注入攻击：攻击者通过控制 LLM 应用处理的外部数据（如网页、邮件、文档）来注入恶意指令，从而操控应用行为。展示了 Bing Chat、GitHub Copilot 等真实应用中的攻击场景。

TLDR (English)

Reveals indirect prompt injection attacks: adversaries control external data processed by LLM applications (web pages, emails, documents) to inject malicious instructions and hijack application behavior. Demonstrates attacks on Bing Chat, GitHub Copilot, and other real applications.

相关论文

同一领域的其他论文

• OpenAI o1 System Card OpenAI (2024)
  推理能力安全
• Constitutional AI: Harmlessness from AI Feedback Yuntao Bai et al. (2022)
  对齐安全
• Red Teaming Language Models to Reduce Harms: Methods, Scaling Behaviors, and Lessons Learned Deep Ganguli et al. (2022)
  安全评估
• Extracting Training Data from Large Language Models Nicholas Carlini et al. (2021)
  安全
• bai2022-hh
  对齐安全
• perez2022-redteaming
  安全评估