New technologies like large language models are often adopted quickly without established security best practices, creating new vulnerabilities.
A prompt injection occurs when untrusted user input contains instructions that hijack the LLM's behavior, overriding the developer's original intent defined in the context.
Attackers can use prompt injection to trick an LLM into revealing its confidential context or system prompt, exposing proprietary logic or sensitive information.
LLM plugins that access external data like emails or websites create an indirect attack vector where malicious prompts can be hidden in that external content.
Prompt injection mirrors traditional SQL injection by mixing untrusted data with developer instructions, but lacks a clear mitigation like prepared statements.
Common security tactics like input filtering and blacklisting are ineffective against prompt injections due to the flexibility of natural language and encoding bypass techniques.
Advanced strategies include requiring user confirmation for sensitive actions or using a dual LLM architecture to isolate privileged operations from untrusted data processing.
There is currently no perfect solution for prompt injection, making developer awareness and careful design of LLM interactions the most critical defense.
Wilken GmbH
Ulm, Germany
27:10Georg Dresler
24:23Balázs Kiss
31:19Wolfgang Ettlinger & Alexander Hurbean
23:24Keno Dreßel
29:47Thomas Chauchefoin & Paul Gerste
27:19Nura Kawa
29:00Alex Soto
30:36Mackenzie Jackson
.png?w=240&auto=compress,format)
Jobs that call for the skills explored in this talk.
Wolters Kluwer
Alphen aan den Rijn, Netherlands
Collaboration Betters The World GmbH
Looma Gmbh
Magdeburg, Germany
Ignite Technical Resources
Richmond, United Kingdom
