Making LLMs Vulnerable to Prompt Injection via Poisoning Alignment

Add code
Oct 18, 2024
Zedian Shao, Hongbin Liu, Jaden Mu, Neil Zhenqiang Gong
Figure 1 for Making LLMs Vulnerable to Prompt Injection via Poisoning Alignment
Figure 2 for Making LLMs Vulnerable to Prompt Injection via Poisoning Alignment
Figure 3 for Making LLMs Vulnerable to Prompt Injection via Poisoning Alignment
Figure 4 for Making LLMs Vulnerable to Prompt Injection via Poisoning Alignment

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

In a prompt injection attack, an attacker injects a prompt into the original one, aiming to make the LLM follow the injected prompt and perform a task chosen by the attacker. Existing prompt injection attacks primarily focus on how to blend the injected prompt into the original prompt without altering the LLM itself. Our experiments show that these attacks achieve some success, but there is still significant room for improvement. In this work, we show that an attacker can boost the success of prompt injection attacks by poisoning the LLM's alignment process. Specifically, we propose PoisonedAlign, a method to strategically create poisoned alignment samples. When even a small fraction of the alignment data is poisoned using our method, the aligned LLM becomes more vulnerable to prompt injection while maintaining its foundational capabilities. The code is available at https://github.com/Sadcardation/PoisonedAlign

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon