https://community.isc2.org/t5/Tech-Talk/How-AI-can-be-hacked-with-prompt-injection-NIST-report/m-p/70026#M4416 <P>Hi All</P><P>&nbsp;</P><P>The National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks <A href="https://www.ibm.com/topics/generative-ai" target="_blank" rel="noopener nofollow">generative AI</A>.</P><P>In <A href="https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2023.pdf" target="_blank" rel="noopener nofollow">Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations</A>, NIST defines various adversarial machine learning (AML) <A href="https://securityintelligence.com/posts/mapping-attacks-generative-ai-business-impact/" target="_blank">tactics and cyberattacks</A>, like prompt injection, and advises users on how to mitigate and manage them. AML tactics extract information about how <A href="https://www.ibm.com/topics/machine-learning?_ga=2.56851370.1630338845.1714967818-1058991947.1713851955&amp;_gl=1*1vhufxo*_ga*MTA1ODk5MTk0Ny4xNzEzODUxOTU1*_ga_FYECCCS21D*MTcxNDk2NzgyMC41LjAuMTcxNDk2NzgyMC4wLjAuMA.." target="_blank" rel="noopener nofollow">machine learning (ML)</A> systems behave to discover how they can be manipulated. That information is used to attack <A href="https://www.ibm.com/topics/artificial-intelligence" target="_blank" rel="noopener nofollow">AI</A> and its <A href="https://www.ibm.com/topics/large-language-models" target="_blank" rel="noopener nofollow">large language models (LLMs)</A> to circumvent security, bypass safeguards and open paths to exploit.</P><P>&nbsp;</P><P><A href="https://securityintelligence.com/articles/ai-prompt-injection-nist-report/?utm_medium=OSocial&amp;utm_source=Linkedin&amp;utm_content=RSRWW&amp;utm_id=IBMSecurityLIPostInjectionAttacks20240502&amp;sf188168829=1" target="_blank">https://securityintelligence.com/articles/ai-prompt-injection-nist-report/?utm_medium=OSocial&amp;utm_source=Linkedin&amp;utm_content=RSRWW&amp;utm_id=IBMSecurityLIPostInjectionAttacks20240502&amp;sf188168829=1</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 06 May 2024 03:58:37 GMT Caute_cautim 2024-05-06T03:58:37Z https://community.isc2.org/t5/Tech-Talk/How-AI-can-be-hacked-with-prompt-injection-NIST-report/m-p/70026#M4416 <P>Hi All</P><P>&nbsp;</P><P>The National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks <A href="https://www.ibm.com/topics/generative-ai" target="_blank" rel="noopener nofollow">generative AI</A>.</P><P>In <A href="https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2023.pdf" target="_blank" rel="noopener nofollow">Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations</A>, NIST defines various adversarial machine learning (AML) <A href="https://securityintelligence.com/posts/mapping-attacks-generative-ai-business-impact/" target="_blank">tactics and cyberattacks</A>, like prompt injection, and advises users on how to mitigate and manage them. AML tactics extract information about how <A href="https://www.ibm.com/topics/machine-learning?_ga=2.56851370.1630338845.1714967818-1058991947.1713851955&amp;_gl=1*1vhufxo*_ga*MTA1ODk5MTk0Ny4xNzEzODUxOTU1*_ga_FYECCCS21D*MTcxNDk2NzgyMC41LjAuMTcxNDk2NzgyMC4wLjAuMA.." target="_blank" rel="noopener nofollow">machine learning (ML)</A> systems behave to discover how they can be manipulated. That information is used to attack <A href="https://www.ibm.com/topics/artificial-intelligence" target="_blank" rel="noopener nofollow">AI</A> and its <A href="https://www.ibm.com/topics/large-language-models" target="_blank" rel="noopener nofollow">large language models (LLMs)</A> to circumvent security, bypass safeguards and open paths to exploit.</P><P>&nbsp;</P><P><A href="https://securityintelligence.com/articles/ai-prompt-injection-nist-report/?utm_medium=OSocial&amp;utm_source=Linkedin&amp;utm_content=RSRWW&amp;utm_id=IBMSecurityLIPostInjectionAttacks20240502&amp;sf188168829=1" target="_blank">https://securityintelligence.com/articles/ai-prompt-injection-nist-report/?utm_medium=OSocial&amp;utm_source=Linkedin&amp;utm_content=RSRWW&amp;utm_id=IBMSecurityLIPostInjectionAttacks20240502&amp;sf188168829=1</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 06 May 2024 03:58:37 GMT https://community.isc2.org/t5/Tech-Talk/How-AI-can-be-hacked-with-prompt-injection-NIST-report/m-p/70026#M4416 Caute_cautim 2024-05-06T03:58:37Z