Indirect Prompt Injections in the Wild – Real World exploits and mitigations Johann Rehberger

preview_player
Показать описание
With the rapid growth and widespread use of AI and Large Language Models (LLMs), users are facing an increased security risk of scams, data exfiltration, loss of personally identifiable information (PII), and even the threat of remote code execution.

This talk aims to shed light on emerging attack techniques like Indirect Prompt Injections (a vulnerability at the very core of LLM Agents), Cross-Plugin Request Forgery, Data Exfiltration, and more.

The session kicks off with a basic introduction to LLMs, leading to an in-depth exploration of real-world security exploits. We’ll illustrate these challenges using concrete examples and exploits from well-known platforms such as ChatGPT, Google Bard, Bing Chat and Anthropic Claude. The examples will dive into how the attack payloads behind such attacks look like in detail.

The talk will also cover mitigation strategies, and for instance how Microsoft and Anthropic fixed data exfiltration angles reported by the speaker in their Chatbots, providing attendees with practical insights to tackle these cybersecurity issues.

Speaker:

Ekoparty 2023 - HACK THE PLANET
--

Seguinos en la redes:

  1. Ekoparty Security Conference
  2. ekoparty
  3. infosec
  4. cybersecurity
  5. hacking
  6. hacker
Рекомендации по теме
Indirect Prompt Injection 0:11:32

Indirect Prompt Injection

Indirect Prompt Injections 0:48:48

Indirect Prompt Injections in the Wild – Real World exploits and mitigations Johann Rehberger

What Is a 0:10:57

What Is a Prompt Injection Attack?

Indirect prompt injection 0:07:56

Indirect prompt injection | PortSwigger Academy tutorial

LLM Hacking: How 0:09:23

LLM Hacking: How Indirect Prompt Injection Works

Portswigger: Indirect prompt 0:06:41

Portswigger: Indirect prompt injection

Indirect Prompt Injection 0:22:57

Indirect Prompt Injection | How Hackers Hijack AI

26.3 Lab: Indirect 0:03:19

26.3 Lab: Indirect prompt injection - Karthikeyan Nagaraj | 2024

Practical Application of 0:27:09

Practical Application of Indirect Prompt Injection Attacks by David Willis-Owen | Bournemouth 2600

Detect indirect prompt 0:00:35

Detect indirect prompt injection attacks. With Mark Russinovich #AI #aidevelopment

Indirect Prompt Injection 0:28:21

Indirect Prompt Injection Into LLMs Using Images and Sounds

Hacking LLMs: Master 0:00:25

Hacking LLMs: Master Indirect Prompt Injections!

Indirect prompt injection 0:03:56

Indirect prompt injection

Indirect Prompt Injections 0:36:16

Indirect Prompt Injections and Threat Modeling of LLM Applications | The MLSecOps Podcast

The risk of 0:00:33

The risk of indirect prompt injection

POC - ChatGPT 0:01:31

POC - ChatGPT Plugins: Indirect prompt injection leading to data exfiltration via images

web LLM lab 0:02:19

web LLM lab 3 indirect prompt injection @PortSwiggerTV #kali #websitehacks #hackinfo

New Threat: Indirect 0:01:12

New Threat: Indirect Prompt Injection Exploits LLM-Integrated Apps | Learn How to Stay Safe!

Indirect Prompt Injection 0:09:37

Indirect Prompt Injection in Langchain/GPT4 Email Agent

LLM - Indirect 0:04:26

LLM - Indirect prompt injection

Attacking AI | 0:02:26

Attacking AI | Indirect Prompt Injection | AI/LLM Pentesting

AskTheCode Indirect Prompt 0:00:50

AskTheCode Indirect Prompt Injection

Indirect Prompt Injection 0:00:42

Indirect Prompt Injection #security #ai #hack

Indirect Prompt Injection 0:00:16

Indirect Prompt Injection | GenAI News CW50 #aigenerated