arXiv 2302.12173

Introduction

This paper, titled "Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection," addresses critical vulnerabilities in Large Language Model (LLM) integrated applications.

Key Features

• Indirect Prompt Injection: The paper uncovers new attack vectors that allow adversaries to exploit these applications remotely.
• Comprehensive Taxonomy: It provides a categorization of potential impacts and vulnerabilities related to data theft and information ecosystem contamination.
• Real-World Viability: Demonstrates practical attacks against existing systems like Bing's GPT-4 and other code-completion engines.

Benefits

• Promotes Awareness: Raises awareness about the emerging threats posed by LLMs in real-world applications.
• Encourages Safe Deployment: Aims to foster the safe and responsible deployment of LLMs by highlighting necessary defenses.

Highlights

• Discusses the blurring lines between user inputs and system instructions.
• Provides insights into the implications of exploiting LLM-integrated systems.