Automating Prompt Leakage Attacks on Large Language Models Using Agentic Approach

TL;DR

This paper introduces a systematic, agent-based framework inspired by cryptography to evaluate and improve the security of large language models against prompt leakage attacks, enabling rigorous testing of their robustness.

Contribution

It presents a novel multi-agent testing framework for prompt leakage, bridging automated threat modeling with practical LLM security evaluation.

Findings

Developed an agentic approach to probe LLMs for prompt leakage.

Defined a cryptographically inspired standard for prompt leakage safety.

Provided an open-source implementation for practical testing.

Abstract

This paper presents a novel approach to evaluating the security of large language models (LLMs) against prompt leakage-the exposure of system-level prompts or proprietary configurations. We define prompt leakage as a critical threat to secure LLM deployment and introduce a framework for testing the robustness of LLMs using agentic teams. Leveraging AG2 (formerly AutoGen), we implement a multi-agent system where cooperative agents are tasked with probing and exploiting the target LLM to elicit its prompt. Guided by traditional definitions of security in cryptography, we further define a prompt leakage-safe system as one in which an attacker cannot distinguish between two agents: one initialized with an original prompt and the other with a prompt stripped of all sensitive information. In a safe system, the agents' outputs will be indistinguishable to the attacker, ensuring that sensitive information remains secure. This cryptographically inspired framework provides a rigorous standard for evaluating and designing secure LLMs. This work establishes a systematic methodology for adversarial testing of prompt leakage, bridging the gap between automated threat modeling and practical LLM security. You can find the implementation of our prompt leakage probing on GitHub.