Security Scho0lhou$e Rock: Preventing Pesky Prompt Injection Attacks 2024
Presenter: Lisa Raykowski
Room: Ballroom, EMU 244, Level 2
Presentation: Security Scho0lhou$e Rock: Preventing Pesky Prompt Injection Attacks
Time: 01:45p – 02:15p
Prompt injection attacks are often referred to as the contemporary version of the SQL injection attack and they are the number one security threat on the OWASP Top 10 for Large Language Model (LLM) Applications. LLMs using prompt-based learning are vulnerable to prompt injection attacks. They take advantage of the ability to respond to users’ natural language instructions and as LLM applications are granted additional capabilities (e.g., API requests, executable code), a mere curiosity turns to a serious vulnerability. Successful prompt injection attacks can lead to spreading misinformation, stealing sensitive data, manipulating models, and generating malicious content.
This session will:
- Provide an overview of prompt injection attacks
- Break down the types of prompt injection attacks
- Discuss the business risks to integrity and availability
- Walk through attack demonstrations and real world examples of successful prompt injection attacks
- Discuss mitigations to protect applications from prompt injection attacks Attendees who attend this session will gain an understanding of prompt injection attacks and be armed with information to communicate risks and mitigations to protect their organization’s applications.