The Growing Threat of AI Prompt Injections: How Can We Protect Our Systems?

The Emerging Importance of Prompt Engineering

With companies looking for ways to help train and adapt AI tools and large language models, prompt engineering is considered one of the hottest new tech skills. The ability to talk to AI software through natural human language, such as English, can make AI systems respond to specific actions or tasks. However, just as talking to AI software can be done for legitimate reasons, it can also be done for nefarious purposes.

The Attack of the Prompt Injections

In the context of AI systems, prompt injection often refers to using prompts to trick a machine-learning model into following a different set of instructions. By telling the AI to ignore the previous instructions and do something else instead, an attacker can effectively take control of the model. As AI models become increasingly linked with coding tasks and tools like APIs, ChatGPT plugins, and AutoGPTs, security risks may arise if not handled with caution.

AI Assistant Hacking

The increased popularity of AI bot assistants has led to a desire to connect them to emails, documents, and personal information. However, this can leave AI assistants vulnerable to prompt injections through emails or other input sources, such as user comments, online forms, and messages.

Indirect Prompt Injections

Indirect injections involve placing injection-style text in a location where models will access the data. Harmful instructions are planted and remain dormant until the model receives specific requests to execute them. Attackers may also attempt to insert obfuscated code in code completion, which a developer might execute when suggested by the completion engine.

Search Index Poisoning

Search index poisoning is akin to old SEO methods of adding hidden text for search engines to pick up for indexing. This can lead to manipulated search results or misinformation in AI-generated responses.

Possible Solutions to Address Prompt Injections

Prompt injection attacks on LLMs are a new threat, with new injection methods being developed regularly. There are some mitigation ideas, such as filtering input and output from the models or implementing an LLM-based prompt firewall, which includes a contradiction model to identify and block prompts that contradict the intended action.

The Need for Vigilance in AI Security

As AI systems become more sophisticated and integrated into our digital lives, the threat of prompt injections and other attacks will continue to evolve. It is essential to remain vigilant and explore new strategies to protect our systems from these emerging challenges.

If you're interested in staying up-to-date with the latest AI developments, consider signing up for our newsletter here. Additionally, feel free to connect with me on LinkedIn here.