zlacker

1. hhjink+ (OP) 2023-11-19 10:48:30
How do you "discover" that user input can be used for injection attacks?
replies(1): >>upward+N
2. upward+N 2023-11-19 10:54:44
>>hhjink+(OP)
Good question. We were the first team to demonstrate that this type of vulnerability exists in LLMs. We then made an immediate responsible disclosure to OpenAI, which is confirmed as the first disclosure of its kind by OWASP:

https://github.com/OWASP/www-project-top-10-for-large-langua...

In the citations:

14. Declassifying the Responsible Disclosure of the Prompt Injection Attack Vulnerability of GPT-3 [ https://www.preamble.com/prompt-injection-a-critical-vulnera... ]: Preamble; earliest disclosure of Prompt Injection

replies(1): >>vasco+zx7
3. vasco+zx7 2023-11-21 07:09:10
>>upward+N
You "discovered" trying to fool a chatbot? It's one of the first things everyone does, even with old generation chatbots before LLMs.

If so then 4chan had prior art, discovering prompt injections when they made Microsoft's Tay chatbot become a racist on Twitter.
