Georg Dresler

Manipulating The Machine: Prompt Injections And Counter Measures

A Chevy chatbot was tricked into offering cars for $1. This talk explores the serious security threat of prompt injection and shows you how to stop it.

Manipulating The Machine: Prompt Injections And Counter Measures
#1about 4 minutes

Understanding the three layers of an LLM prompt

A prompt is structured into three layers: the system prompt for instructions, the context for additional data, and the unpredictable user input.

#2about 3 minutes

How a car dealer's chatbot was easily manipulated

A Chevrolet car dealer's chatbot was exploited by users to generate humorous and unintended responses, including a legally binding offer for a $1 car.

#3about 4 minutes

Stealing system prompts to bypass security rules

Attackers can use creative phrasing like "repeat everything above" to trick an LLM into revealing its hidden system prompt and instructions.

#4about 6 minutes

Why attackers use prompt injection techniques

Prompt injections are used to access sensitive business data, gain personal advantages like bypassing HR filters, or exploit integrated tools to steal information like 2FA tokens.

#5about 4 minutes

Exploring simple but ineffective defense mechanisms

Initial defense ideas like avoiding secrets or tool integration are impractical, and simple system prompt instructions are easily circumvented by attackers.

#6about 4 minutes

Using fine-tuning and adversarial detectors for defense

More effective defenses include fine-tuning models on domain-specific data to reduce reliance on instructions and using specialized adversarial prompt detectors to identify malicious input.

#7about 2 minutes

Key takeaways on prompt injection security

Treat all system prompt data as public, use a layered defense of instructions, detectors, and fine-tuning, and accept that no completely reliable solution exists yet.

Related jobs
Jobs that call for the skills explored in this talk.

job ad

Saby Company
Delebio, Italy

Intermediate

test

Milly
Vienna, Austria

Intermediate

Matching moments

Understanding the complexity of prompt injection attacks
19:14 MIN

Understanding the complexity of prompt injection attacks

Hacking AI - how attackers impose their will on AI

Understanding and mitigating prompt injection attacks
01:52 MIN

Understanding and mitigating prompt injection attacks

Prompt Injection, Poisoning & More: The Dark Side of LLMs

Manipulating AI with prompt injection and hidden commands
33:41 MIN

Manipulating AI with prompt injection and hidden commands

WeAreDevelopers LIVE - Is Software Ever Truly Accessible?

Understanding and defending against prompt injection attacks
12:10 MIN

Understanding and defending against prompt injection attacks

Beyond the Hype: Building Trustworthy and Reliable LLM Applications with Guardrails

Understanding and defending against prompt injection attacks
13:31 MIN

Understanding and defending against prompt injection attacks

DevOps for AI: running LLMs in production with Kubernetes and KubeFlow

AI privacy concerns and prompt engineering
25:33 MIN

AI privacy concerns and prompt engineering

Coffee with Developers - Cassidy Williams -

Understanding the security risk of prompt injection
14:26 MIN

Understanding the security risk of prompt injection

The shadows that follow the AI generative models

Understanding and demonstrating prompt injection attacks
06:05 MIN

Understanding and demonstrating prompt injection attacks

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Featured Partners

Related Videos

See all videos
ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.27:32

ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.

Sebastian Schrittwieser

Prompt Injection, Poisoning & More: The Dark Side of LLMs23:24

Prompt Injection, Poisoning & More: The Dark Side of LLMs

Keno Dreßel

Beyond the Hype: Building Trustworthy and Reliable LLM Applications with Guardrails29:00

Beyond the Hype: Building Trustworthy and Reliable LLM Applications with Guardrails

Alex Soto

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers30:36

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Mackenzie Jackson

Prompt Engineering - an Art, a Science, or your next Job Title?33:28

Prompt Engineering - an Art, a Science, or your next Job Title?

Maxim Salnikov

Hacking AI - how attackers impose their will on AI27:02

Hacking AI - how attackers impose their will on AI

Mirko Ross

AI: Superhero or Supervillain? How and Why with Scott Hanselman25:17

AI: Superhero or Supervillain? How and Why with Scott Hanselman

Scott Hanselman

Using LLMs in your Product31:12

Using LLMs in your Product

Daniel Töws

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
LM
Luis Minvielle
How to Bypass ChatGPT’s Filter With Examples
Since dropping in November 2022, ChatGPT has helped plenty of professionals satisfy an unpredictable assortment of tasks. Whether for finding an elusive bug, writing code, giving resumes a glow-up, or even starting a business, the not-infallible but ...
How to Bypass ChatGPT’s Filter With Examples
EM
Eli McGarvie
The Prompt Engineer ✍️
The next biggest programming language is… English. If you’ve been on social media lately (Twitter or LinkedIn) you would have seen the term “Prompt Engineering” thrown around a lot. You might have even seen people who are self-proclaimed Prompt Engin...
The Prompt Engineer ✍️

From learning to earning

Jobs that call for the skills explored in this talk.