“we build these systems through string concatenation, by gluing together trusted instructions and untrusted input”

Simon Willison:

Anyone who works in security will know why this is a bad idea! It’s the root cause of SQL injection, XSS, command inection and so much more.

12th September 2022 - screenshot of my blog entry Prompt injection attacks against GPT-3

#

I coined the term prompt injection nearly three years ago, in September 2022. It’s important to note that I did not discover the vulnerability. One of my weirder hobbies is helping coin or boost new terminology—I’m a total opportunist for this. I noticed that there was an interesting new class of attack that was being discussed which didn’t have a name yet, and since I have a blog I decided to try my hand at naming it to see if it would stick.


Fast Lane Literacy by sedso