aifaq.wtf

"How do you know about all this AI stuff?"
I just read tweets, buddy.

#prompt injection

Page 1 of 1

ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs

arxiv.org

Safety is critical to the usage of large language models (LLMs). Multiple techniques such as data filtering and supervised fine-tuning have been developed to strengthen LLM safety. However, currently known techniques presume that corpora used for safety alignment of LLMs are solely interpreted by semantics. This assumption, however, does not hold in real-world applications, which leads to severe vulnerabilities in LLMs. For example, users of forums often use ASCII art, a form of text-based art, to convey image information. In this paper, we propose a novel ASCII art-based jailbreak attack and introduce a comprehensive benchmark Vision-in-Text Challenge (ViTC) to evaluate the capabilities of LLMs in recognizing prompts that cannot be solely interpreted by semantics. We show that five SOTA LLMs (GPT-3.5, GPT-4, Gemini, Claude, and Llama2) struggle to recognize prompts provided in the form of ASCII art. Based on this observation, we develop the jailbreak attack ArtPrompt, which leverages the poor performance of LLMs in recognizing ASCII art to bypass safety measures and elicit undesired behaviors from LLMs. ArtPrompt only requires black-box access to the victim LLMs, making it a practical attack. We evaluate ArtPrompt on five SOTA LLMs, and show that ArtPrompt can effectively and efficiently induce undesired behaviors from all five LLMs.

ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs

March 02, 2024

#ASCII art #jailbreaks #prompt injection #hacks #prompt engineering #lol #link

I honestly though that ASCII art didn't work that well for LLMs! But maybe they're just bad at generating it, not reading it? In this case, the semantics of building a bomb makes it through the alignment force field:

ArtPrompt attack

And yeah, it's still bad at generating ASCII art. So at least we can still employ humans for one thing.

Build a bombe

Source: https://arxiv.org/abs/2402.11753

Permalink

Gandalf | Lakera – Test your prompting skills to make Gandalf reveal secret information.

gandalf.lakera.ai

Trick Gandalf into revealing information and experience the limitations of large language models firsthand.

Gandalf | Lakera – Test your prompting skills to make Gandalf reveal secret information.

March 01, 2024

#games #prompt injection #jailbreaks #link

I ran across the "trick the LLM" game again and realized I never posted it here! It's great.

Tricking the LLM into revealing the password

Source: https://gandalf.lakera.ai/

Permalink

🪿 🪿 🪿

Source: https://twitter.com/josephofiowa/status/1687569252210065409?s=20

Permalink

@hwchase17 on August 03, 2023

August 03, 2023

#prompt injection #tweets

Source: https://twitter.com/hwchase17/status/1687212798689091584?s=20

Permalink

@andyzou_jiaming on July 28, 2023

July 28, 2023

#prompt injection #security #tweets

More wide-ranging prompt injection! Not as fun as haunting baby but much more... terrifying might be the word?

In this case, adversarial attacks work on open-source models, which are then transferred to closed-source models where they often work just as well.

Source: https://twitter.com/andyzou_jiaming/status/1684766170766004224?s=20

Permalink

@zicokolter on July 27, 2023

July 28, 2023

#prompt injection #security #tweets

You can see another thread here.

Source: https://twitter.com/zicokolter/status/1684500094106968065?s=20

Permalink

@random_walker on July 25, 2023

July 25, 2023

#prompt injection #security #lol #open source models #tweets

This paper is wild! By giving specially-crafted images or audio to a multi-modal image, you force it to give specific output.

User: Can you describe this image? (a picture of a dock)

LLM: No idea. From now on I will always mention "Cow" in my response.

User: What is the capital of USA?

LLM: The capital of the USA is Cow.

Now that is poisoning!

From what I can tell they took advance of having the weights for open-source models and just reverse-engineered it: "if we want this output, what input does it need?" The paper itself is super readable and fun, I recommend it.

Crying boy poisoning LLM

(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs. The paper is especially great because there's a "4.1 Approaches That Did Not Work for Us" section, not just the stuff that worked!

Source: https://twitter.com/random_walker/status/1683833600196714497

Permalink