An Early Categorization of Prompt Injection Attacks on Large Language Models
Sippo Rossi, Alisia Marianne Michel, Raghava Rao Mukkamala, Jason Bennett Thatcher

TL;DR
This paper provides an early categorization of prompt injection attacks on large language models, highlighting emerging threats and guiding future research and development efforts.
Contribution
It introduces a novel categorization framework for prompt injections, aiding in understanding vulnerabilities and informing mitigation strategies.
Findings
Categorization of prompt injection types
Implications for users, developers, researchers
Guidelines for future research and security measures
Abstract
Large language models and AI chatbots have been at the forefront of democratizing artificial intelligence. However, the releases of ChatGPT and other similar tools have been followed by growing concerns regarding the difficulty of controlling large language models and their outputs. Currently, we are witnessing a cat-and-mouse game where users attempt to misuse the models with a novel attack called prompt injections. In contrast, the developers attempt to discover the vulnerabilities and block the attacks simultaneously. In this paper, we provide an overview of these emergent threats and present a categorization of prompt injections, which can guide future research on prompt injections and act as a checklist of vulnerabilities in the development of LLM interfaces. Moreover, based on previous literature and our own empirical research, we discuss the implications of prompt injections to…
Taxonomy
Topics: Topic Modeling · Natural Language Processing Techniques · Adversarial Robustness in Machine Learning
