Malla: Demystifying Real-world Large Language Model Integrated Malicious Services
This addresses the cyber threat posed by LLM exploitation for cybercriminals, offering insights for countermeasures, but it is incremental as it builds on existing concerns about LLM security.
The study tackled the problem of large language models (LLMs) being exploited for malicious services (Malla) by conducting the first systematic analysis of 212 real-world cases, uncovering their growth, eight backend LLMs, and 182 prompts that bypass public LLM API protections.
The underground exploitation of large language models (LLMs) for malicious services (i.e., Malla) is witnessing an uptick, amplifying the cyber threat landscape and posing questions about the trustworthiness of LLM technologies. However, there has been little effort to understand this new cybercrime, in terms of its magnitude, impact, and techniques. In this paper, we conduct the first systematic study on 212 real-world Mallas, uncovering their proliferation in underground marketplaces and exposing their operational modalities. Our study discloses the Malla ecosystem, revealing its significant growth and impact on today's public LLM services. Through examining 212 Mallas, we uncovered eight backend LLMs used by Mallas, along with 182 prompts that circumvent the protective measures of public LLM APIs. We further demystify the tactics employed by Mallas, including the abuse of uncensored LLMs and the exploitation of public LLM APIs through jailbreak prompts. Our findings enable a better understanding of the real-world exploitation of LLMs by cybercriminals, offering insights into strategies to counteract this cybercrime.