Automating Prompt Leakage Attacks on Large Language Models Using Agentic Approach
This work addresses a critical threat to secure LLM deployment by providing a systematic methodology for adversarial testing, bridging automated threat modeling with practical security, though it is incremental in applying existing agentic approaches to a new security domain.
This paper tackles the problem of evaluating the security of large language models (LLMs) against prompt leakage by introducing a framework using agentic teams to probe and exploit LLMs, resulting in a cryptographically inspired standard for assessing prompt leakage safety.
This paper presents a novel approach to evaluating the security of large language models (LLMs) against prompt leakage-the exposure of system-level prompts or proprietary configurations. We define prompt leakage as a critical threat to secure LLM deployment and introduce a framework for testing the robustness of LLMs using agentic teams. Leveraging AG2 (formerly AutoGen), we implement a multi-agent system where cooperative agents are tasked with probing and exploiting the target LLM to elicit its prompt. Guided by traditional definitions of security in cryptography, we further define a prompt leakage-safe system as one in which an attacker cannot distinguish between two agents: one initialized with an original prompt and the other with a prompt stripped of all sensitive information. In a safe system, the agents' outputs will be indistinguishable to the attacker, ensuring that sensitive information remains secure. This cryptographically inspired framework provides a rigorous standard for evaluating and designing secure LLMs. This work establishes a systematic methodology for adversarial testing of prompt leakage, bridging the gap between automated threat modeling and practical LLM security. You can find the implementation of our prompt leakage probing on GitHub.