An Early Categorization of Prompt Injection Attacks on Large Language Models
This addresses security concerns for LLM developers and users, but it is incremental as it builds on existing literature with a categorization.
The paper tackles the problem of controlling large language models by categorizing prompt injection attacks, providing an overview of emergent threats to guide future research and vulnerability checks.
Large language models and AI chatbots have been at the forefront of democratizing artificial intelligence. However, the releases of ChatGPT and other similar tools have been followed by growing concerns regarding the difficulty of controlling large language models and their outputs. Currently, we are witnessing a cat-and-mouse game where users attempt to misuse the models with a novel attack called prompt injections. In contrast, the developers attempt to discover the vulnerabilities and block the attacks simultaneously. In this paper, we provide an overview of these emergent threats and present a categorization of prompt injections, which can guide future research on prompt injections and act as a checklist of vulnerabilities in the development of LLM interfaces. Moreover, based on previous literature and our own empirical research, we discuss the implications of prompt injections to LLM end users, developers, and researchers.