Prompt Injection & Jailbreaking
Attacks on language model safety
Attacks on language model safety
Prompt injectionis the art of tricking an AI by hiding malicious instructions in user input. Instead of exploiting a software bug, the attacker exploits the AI's tendency to follow instructions โ even when those instructions come from untrusted sources.
It is the SQL injection of the AI eraโ and it is still largely unsolved.
Normal Flow vs Prompt Injection
The user directly tells the AI to ignore its instructions.
Instructions are hidden in data the AI processes โ a webpage, document, or email.
Jailbreakingis a specific form of prompt injection aimed at bypassing an AI's safety guidelines. Attackers use creative strategies to get the AI to behave in ways it was explicitly trained not to.
Scan user inputs for known injection patterns before processing.
Check AI outputs for sensitive information before showing them to users.
Give system prompts higher priority than user inputs so they cannot be overridden.
Limit what actions the AI can take, so even a successful injection has limited impact.
Prompt injection is the SQL injection of the AI era โ and it is still largely unsolved. As AI systems gain more capabilities (browsing, code execution, tool use), the impact of successful injection attacks grows dramatically.
For hands-on practice, check out the AI Security course on GitHub.