Learn PromptingIntroduction
Prompt hacking is a term used to describe attacks that exploit vulnerabilities of large language models (LLMs), by manipulating their inputs or prompts. Unlike traditional hacking, which typically exploits software vulnerabilities, prompt hacking relies on carefully crafting prompts to deceive the LLM into performing unintended actions.
Interested in prompt hacking and AI safety? Test your skills on HackAPrompt, the largest AI safety hackathon. You can register here.
What Is Prompt Hacking?
At its core, prompt hacking involves providing input to a language model that tricks it into ignoring or bypassing its built-in safeguards. This may result in outputs that:
- Violate content policies (e.g., generating harmful or offensive content)
- Leak internal tokens, hidden prompts, or sensitive information
- Produce outputs that are not aligned with the original task (e.g., turning a translation task into a malicious command)
How Prompt Hacking Works
Language models generate responses based on the prompt they receive. When a user crafts a prompt, it typically includes instructions that guide the model to perform a specific task. Prompt hacking takes advantage of this mechanism by inserting additional, often conflicting, instructions into the prompt.
For example:
- Simple Instruction Attack: A prompt might simply append a command such as:
Prompt
The attacker relies on the model to follow this new instruction, even if it conflicts with the original task.
- Context Ignoring Attack: A more nuanced approach might be:
Prompt
Here, the attacker explicitly instructs the model to discard its previous guidance.
- Compound Instruction Attack: The prompt might embed multiple instructions that work together to force the model into outputting a target phrase or behavior, often combining conditions like ignoring original guidelines and enforcing a new output format.
What We Will Cover
Types of Prompt Hacking
In this section of our guide, we will cover three main types of prompt hacking: prompt injection, prompt leaking, and jailbreaking. Each relates to slightly different vulnerabilities and attack vectors, but all are based on the same principle of manipulating the LLM's prompt to generate some unintended output.
Offensive and Defensive Measures
We will also cover both offensive and defensive measures for prompt hacking.
Conclusion
Prompt hacking is a growing concern for the security of LLMs, and it is essential to be aware of the types of attacks and take proactive steps to protect against them.
Further Reading
Sander Schulhoff
Sander Schulhoff is the CEO of HackAPrompt and Learn Prompting. He created the first Prompt Engineering guide on the internet, two months before ChatGPT was released, which has taught 3 million people how to prompt ChatGPT. He also partnered with OpenAI to run the first AI Red Teaming competition, HackAPrompt, which was 2x larger than the White House's subsequent AI Red Teaming competition. Today, HackAPrompt partners with the Frontier AI labs to produce research that makes their models more secure. Sander's background is in Natural Language Processing and deep reinforcement learning. He recently led the team behind The Prompt Report, the most comprehensive study of prompt engineering ever done. This 76-page survey, co-authored with OpenAI, Microsoft, Google, Princeton, Stanford, and other leading institutions, analyzed 1,500+ academic papers and covered 200+ prompting techniques.