Learn PromptingIntroduction
Prompt hacking is a term used to describe attacks that exploit vulnerabilities of large language models (LLMs), by manipulating their inputs or prompts. Unlike traditional hacking, which typically exploits software vulnerabilities, prompt hacking relies on carefully crafting prompts to deceive the LLM into performing unintended actions.
What Is Prompt Hacking?
At its core, prompt hacking involves providing input to a language model that tricks it into ignoring or bypassing its built-in safeguards. This may result in outputs that:
- Violate content policies (e.g., generating harmful or offensive content)
- Leak internal tokens, hidden prompts, or sensitive information
- Produce outputs that are not aligned with the original task (e.g., turning a translation task into a malicious command)
How Prompt Hacking Works
Language models generate responses based on the prompt they receive. When a user crafts a prompt, it typically includes instructions that guide the model to perform a specific task. Prompt hacking takes advantage of this mechanism by inserting additional, often conflicting, instructions into the prompt.
For example:
- Simple Instruction Attack: A prompt might simply append a command such as:
Prompt
The attacker relies on the model to follow this new instruction, even if it conflicts with the original task.
- Context Ignoring Attack: A more nuanced approach might be:
Prompt
Here, the attacker explicitly instructs the model to discard its previous guidance.
- Compound Instruction Attack: The prompt might embed multiple instructions that work together to force the model into outputting a target phrase or behavior, often combining conditions like ignoring original guidelines and enforcing a new output format.
What We Will Cover
Types of Prompt Hacking
In this section of our guide, we will cover three main types of prompt hacking: prompt injection, prompt leaking, and jailbreaking. Each relates to slightly different vulnerabilities and attack vectors, but all are based on the same principle of manipulating the LLM's prompt to generate some unintended output.
Offensive and Defensive Measures
We will also cover both offensive and defensive measures for prompt hacking.
Conclusion
Prompt hacking is a growing concern for the security of LLMs, and it is essential to be aware of the types of attacks and take proactive steps to protect against them.
Further Reading
π’ Defensive Measures
π’ Prompt Injection
π’ Jailbreaking
π’ Prompt Leaking
π’ Offensive Measures
Sander Schulhoff
Sander Schulhoff is the Founder of Learn Prompting and an ML Researcher at the University of Maryland. He created the first open-source Prompt Engineering guide, reaching 3M+ people and teaching them to use tools like ChatGPT. Sander also led a team behind Prompt Report, the most comprehensive study of prompting ever done, co-authored with researchers from the University of Maryland, OpenAI, Microsoft, Google, Princeton, Stanford, and other leading institutions. This 76-page survey analyzed 1,500+ academic papers and covered 200+ prompting techniques.