|
|
|
|
|
|
by M4v3R
1164 days ago
|
|
|
I agree, but then again I don’t think prompt injection attacks are as severe as SQLi or XSS attacks. The latter can be disastrous for your application if even one is found, while for prompt injection the worst can happen is that the user will spoil their own user experience when using an LLM-based product. Of course everything depends on the use case and thus in the current stage of LLMs I would not use them in any security-critical applications. |
|
|
If you've granted it access to private data or given it the ability to write and execute code - both things people are starting to actually do - it could be very serious indeed: https://simonwillison.net/2023/Apr/14/worst-that-can-happen/