Discussion · bonfire.cafe

@mttaggart@infosec.exchange · 5 months ago

You may be tempted to think of prompt injection attacks against language models as "social engineering." Resist this temptation.

Prompt injection is a mathematical attack against a non-deterministic system. Language may be the substrate, but the substance is numerical vectors. In other words, thinking of the attack as human language is a pointless limitation. The possibilities of what can go into the prompt to produce undesirable output are functionally infinite.

Poetry, context shifting, and other human-like attacks are only the beginning. What comes next is a weaponization of the linguistic form in ways that seem utterly alien to human readers. But to the models, it's all just elements in the matrix.

Phil 🇺🇦💙💛🇺🇸 ❤️🏳️‍🌈❤️🏳

@phil_b_reed@mastodon.social · 5 months ago

@mttaggart SANS 631.3 prompt abuse in mandarin and polish. Only 8995 quatloos

Netraven

@Netraven@hear-me.social · 5 months ago

@mttaggart just gonna... leave this here.

https://hyperlife.netlify.app/

CartBoard

@CartBoard@ioc.exchange · 5 months ago

@mttaggart i will make a vague argument that it is social engineering, specifically against their prompts, some of which are written in natural language. But you could extend that logic to any programmatic logic which could be “compiled” into natural language statements…. So idk. Good point!