Pdf Prompt Injection Attack Against Llm Integrated Applications

By switzerlandersing On Sep 14, 2025

Not What You've Signed Up For: Compromising Real-World LLM-Integrated Applications With Indirect ...

Not What You've Signed Up For: Compromising Real-World LLM-Integrated Applications With Indirect ... View a pdf of the paper titled prompt injection attack against llm integrated applications, by yi liu and 9 other authors. This study deconstructs the complexities and implications of prompt injection attacks on actual llm integrated applications and forms houyi, a novel black box prompt injection attack technique, which draws inspiration from traditional web injection attacks.

Exploring Prompt Injection Risks In LLM Applications

Exploring Prompt Injection Risks In LLM Applications In this paper, we invert the intention of prompt injection methods to develop novel defense methods based on previous training free attack methods, by repeating the attack process but with the original input instruction rather than the injected instruction. This paper delves into the mechanisms of prompt injections, their impacts, and presents novel detection strategies. Users' inputs, and in indirect methods, they obtain outside references to embed the malicious payloads. the study shows how prompt injection can compromise a system's integrity. We deploy houyi on 36 actual llm integrated applications and discern 31 applications susceptible to prompt injection. 10 vendors have validated our discoveries, including notion, which has the potential to impact millions of users.

(PDF) Prompt Injection Attack Against LLM-integrated Applications

(PDF) Prompt Injection Attack Against LLM-integrated Applications Users' inputs, and in indirect methods, they obtain outside references to embed the malicious payloads. the study shows how prompt injection can compromise a system's integrity. We deploy houyi on 36 actual llm integrated applications and discern 31 applications susceptible to prompt injection. 10 vendors have validated our discoveries, including notion, which has the potential to impact millions of users. We introduce the concept of indirect prompt injection (ipi) to compromise llm integrated applications—a completely uninvestigated attack vector in which retrieved prompts themselves can act as “arbitrary code”. Our findings indicate that llm integrated applications are highly susceptible to p2sql injection attacks, warranting the adoption of robust defenses. to counter these attacks, we propose four effective defense techniques that can be integrated as extensions to the langchain framework. Using our framework, we conduct a systematic evaluation on 5 prompt injection attacks and 10 defenses with 10 llms and 7 tasks. our work provides a common benchmark for quantitatively evaluating future prompt injection attacks and defenses. In this repository, we provide the source code of houyi, a framework that automatically injects prompts into llm integrated applications to attack them. we also provide a demo script that simulates a llm integrated application and demonstrates how to use houyi to attack it.

(PDF) Prompt Injection Attack Against LLM-integrated Applications

(PDF) Prompt Injection Attack Against LLM-integrated Applications We introduce the concept of indirect prompt injection (ipi) to compromise llm integrated applications—a completely uninvestigated attack vector in which retrieved prompts themselves can act as “arbitrary code”. Our findings indicate that llm integrated applications are highly susceptible to p2sql injection attacks, warranting the adoption of robust defenses. to counter these attacks, we propose four effective defense techniques that can be integrated as extensions to the langchain framework. Using our framework, we conduct a systematic evaluation on 5 prompt injection attacks and 10 defenses with 10 llms and 7 tasks. our work provides a common benchmark for quantitatively evaluating future prompt injection attacks and defenses. In this repository, we provide the source code of houyi, a framework that automatically injects prompts into llm integrated applications to attack them. we also provide a demo script that simulates a llm integrated application and demonstrates how to use houyi to attack it.