1 comment

[ 2.6 ms ] story [ 13.4 ms ] thread
We demonstrate the potentially brutal consequences of connecting LLMs to applications (like search). We propose newly enabled attack vectors and techniques and discuss them:

- Remote control of chat LLMs

- Persistent compromise across sessions

- Spread injections to other LLMs

- Compromising LLMs with tiny multi-stage payloads

- Leaking/exfiltrating user data

- Automated Social Engineering

- Targeting code completion engines