Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.”

Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of
LLMs through a Global Scale Prompt Hacking Competition

Abstract: Large Language Models (LLMs) are deployed in interactive contexts with direct user engagement, such as chatbots and writing assistants. These deployments are vulnerable to prompt injection and jailbreaking (collectively, prompt hacking), in which models are manipulated to ignore their original instructions and follow potentially malicious ones. Although widely acknowledged as a significant security threat, there is a dearth of large-scale resources and quantitative studies on prompt hacking. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking. We also present a comprehensive taxonomical ontology of the types of adversarial prompts.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Top UK Universities Recovering Following Targeted DDoS Attack

February 20, 2024 0 Comments 0 tags

The attack, which has been claimed by Anonymous Sudan, has been confirmed to have impacted IT services at the universities of Cambridge and Manchester

TA577 Exploits NTLM Authentication Vulnerability

March 4, 2024 0 Comments 0 tags

Proofpoint warned the method could be used for data gathering and further malicious activities

Exclusive: eSentire Confirms Rhysida Ransomware Victims

February 21, 2024 0 Comments 0 tags

Since emerging in May 2023, the group claims to have victimized 77 companies and public institutions