Practical Security: The perils of prompt injection

Image credit: Google DeepMind

You may be familiar with SQL injection, a dated but still commonly unmitigated security vulnerability. The attacker ‘injects’ code, typically through a web form, to produce commands designed to harm the database. Similarly, prompt injection involves crafting a prompt that causes the model to behave maliciously in some way. The impact can range from the model harmlessly confusing itself and the user, to it providing instructions on any number of dangerous activities, such as how to assemble a bomb, or leaking confidential information.

You can read the rest of my article on the BCS Website, or in the Winter 2023 issue of the IT Now magazine.

Timothy Clark
Software Engineer

Software Engineer with interests in cyber security and computing education.
