prompt_injection.md

A7. Prompt Injection

• [2025/01] PromptShield: Deployable Detection for Prompt Injection Attacks
• [2025/01] Computing Optimization-Based Prompt Injections Against Closed-Weights Models By Misusing a Fine-Tuning API
• [2024/12] The Task Shield: Enforcing Task Alignment to Defend Against Indirect Prompt Injection in LLM Agents
• [2024/12] Towards Action Hijacking of Large Language Model-based Agent
• [2024/12] Trust No AI: Prompt Injection Along The CIA Security Triad
• [2024/11] Universal and Context-Independent Triggers for Precise Control of LLM Outputs
• [2024/11] Attention Tracker: Detecting Prompt Injection Attacks in LLMs
• [2024/11] Defense Against Prompt Injection Attack by Leveraging Attack Techniques
• [2024/10] Systematically Analyzing Prompt Injection Vulnerabilities in Diverse LLM Architectures
• [2024/10] InjecGuard: Benchmarking and Mitigating Over-defense in Prompt Injection Guardrail Models
• [2024/10] HijackRAG: Hijacking Attacks against Retrieval-Augmented Large Language Models
• [2024/10] FATH: Authentication-based Test-time Defense against Indirect Prompt Injection Attacks
• [2024/10] Embedding-based classifiers can detect prompt injection attacks
• [2024/10] Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks
• [2024/10] Making LLMs Vulnerable to Prompt Injection via Poisoning Alignment
• [2024/10] Backdoored Retrievers for Prompt Injection Attacks on Retrieval Augmented Generation of Large Language Models
• [2024/10] F2A: An Innovative Approach for Prompt Injection by Utilizing Feign Security Detection Agents
• [2024/10] Prompt Infection: LLM-to-LLM Prompt Injection within Multi-Agent Systems
• [2024/10] Aligning LLMs to Be Robust Against Prompt Injection
• [2024/09] StruQ: Defending Against Prompt Injection with Structured Queries
• [2024/09] System-Level Defense against Indirect Prompt Injection Attacks: An Information Flow Control Perspective
• [2024/09] GenTel-Safe: A Unified Benchmark and Shielding Framework for Defending Against Prompt Injection Attacks
• [2024/09] PROMPTFUZZ: Harnessing Fuzzing Techniques for Robust Testing of Prompt Injection in LLMs
• [2024/09] Applying Pre-trained Multilingual BERT in Embeddings for Improved Malicious Prompt Injection Attacks Detection
• [2024/08] Rag and Roll: An End-to-End Evaluation of Indirect Prompt Manipulations in LLM-based Application Frameworks
• [2024/08] Empirical Analysis of Large Vision-Language Models against Goal Hijacking via Visual Prompt Injection
• [2024/07] Prompt Injection Attacks on Large Language Models in Oncology
• [2024/06] Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition
• [2024/06] Adversarial Search Engine Optimization for Large Language Models
• [2024/06] Prompt Injection Attacks in Defended Systems
• [2024/06] AgentDojo: A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents
• [2024/05] Preemptive Answer "Attacks" on Chain-of-Thought Reasoning
• [2024/04] Goal-guided Generative Prompt Injection Attack on Large Language Models
• [2024/03] Optimization-based Prompt Injection Attack to LLM-as-a-Judge
• [2024/03] Defending Against Indirect Prompt Injection Attacks With Spotlighting
• [2024/03] Scaling Behavior of Machine Translation with Large Language Models under Prompt Injection Attacks
• [2024/03] Automatic and Universal Prompt Injection Attacks against Large Language Models
• [2024/03] Neural Exec: Learning (and Learning from) Execution Triggers for Prompt Injection Attacks
• [2024/03] InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated Large Language Model Agents
• [2023/11] Exploiting Large Language Models (LLMs) through Deception Techniques and Persuasion Principles
• [2023/11] Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition
• [2023/10] Formalizing and Benchmarking Prompt Injection Attacks and Defenses
• [2023/09] Tensor Trust: Interpretable Prompt Injection Attacks from an Online Game
• [2023/06] Prompt Injection Attack against LLM-integrated Applications
• [2023/02] Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection