S
Sachin
@sachindh
Malicious Hallucinations: Hidden Threats with Indirect Prompt Injection
Submitted Oct 15, 2024
Submission type:
40 min talk
Track in which your submission fits:
Security
Large language models (LLMs) are known to generate unintended inaccurate responses, often called hallucinations. Most of these are harmless mistakes, like Google AI Overview suggesting to eat a rock a day. There’s a more concerning possibility: what if an attacker could deliberately cause specific hallucinations? This could allow the stealthy spread of targeted disinformation.
Our talk will introduce the concept of indirect prompt injections and show how malicious documents can be crafted to trigger particular hallucinations when added to a vector database. We’ll demonstrate case studies of proof-of-concept attacks on popular LLM chatbots like Notion AI, Microsoft Copilot, and Slack AI. Finally, we’ll explore secure design principles and tools to defend against these hidden threats.
This talk is designed for a diverse audience in the AI field. It will be particularly valuable for AI engineers working on LLM applications, AI security engineers focused on protecting these systems, product managers overseeing AI-powered products, and C-level executives making strategic decisions about AI implementation and security. Whether you’re hands-on with the technology or guiding its use at a high level, you’ll gain crucial insights into this emerging threat and its implications.
Key takeaways:
- Understand the mechanics of indirect prompt injections and their potential for causing targeted hallucinations in popular LLM applications
- Learn practical strategies and tools to protect AI systems against malicious hallucinations and enhance overall AI security
Comments
Hybrid Access Ticket
Hosted by
We care about site reliability, cloud costs, security and data privacy
Supported by
Platinum Sponsor
Nutanix is a global leader in cloud software, offering organizations a single platform for running apps and data across clouds.
Platinum Sponsor
PhonePe was founded in December 2015 and has emerged as India’s largest payments app, enabling digital inclusion for consumers and merchants alike.
Community sponsor
Peak XV Partners (formerly Sequoia Capital India & SEA) is a leading venture capital firm investing across India, Southeast Asia and beyond.
Venue host - Rootconf workshops
Thoughtworks is a pioneering global technology consultancy, leading the charge in custom software development and technology innovation.
Community Partner
FOSS United is a non-profit foundation that aims at promoting and strengthening the Free and Open Source Software (FOSS) ecosystem in India.
more
Community Partner
A community of Rust language contributors and end-users from Bangalore. We have presence on the following telegram channels https://t.me/RustIndia https://t.me/fpncr LinkedIn: https://www.linkedin.com/company/rust-india/ Twitter (not updated frequently): https://twitter.com/rustlangin
more
Login to leave a comment
Zainab Bawa
@zainabbawa Editor & Promoter
Hi Sachin, your submission is accepted for Rootconf Mini. Congratulations!
The next step is to add draft slides
If you have a prepared deck, add a G-Drive (view/comment only) link in the comments.
Share slides by Sunday, 20 October. The editors will review and set up a call for discussing the flow and structure of the content + key takeaways.
If you have questions about the process, reply to this thread.