A new security vulnerability has been uncovered that could potentially allow malicious actors to hijack powerful language models and autonomous AI agents such as GPT-4 and Auto-GPT. This discovery comes just weeks after the launch of open source agents BabyAGI, Auto-GPT and AgentGPT.
In his blog, Simon Willison, creator of the open-source tool Datasette, outlined how attackers could link GPT-4 and other Language Model (LLM) to agents like Auto-GPT and initiate automated prompt injection attacks. Willison showed how it is possible to hijack and manipulate the instructions given to AI applications such as GPT-3 in translation applications. By inserting a prompt allowing the LLM to ignore their instructions and do something else this could potentially put autonomous agents in the hands of attackers.
The potential for attackers to exploit these vulnerable agents has made security specialists very concerned. Bob Ippolito, founder and CTO of Mochi Media, Fig and Dan Shiebler, head of machine learning of Abnormal Security suggest that an attacker could be able to exfiltrate sensitive data or manipulate auto-GPT responses resulting in malicious actions.
Steve Grobman, CTO of McAfee said that “Large language models take this form of attack to the next level”, meaning that any system directly connected through this model must be mindful of the potential security vulnerabilities.
Joseph Thacker at AppOmni, a senior offensive security engineer said that prompt injection attacks through AI agents are something to take seriously but it “isn’t going to be the end of the world”.
Organizations need to be self-aware of the risks posed to autonomous agents when integrating them with Language model. Careful analysis and application of security best practices need to be applied until a better understanding of the risks posed by prompt injection attacks can be understood.
It is worth mentioning McAfee, an American global computer security software company founded in 1987 and being one of the world’s leading independent Cybersecurity companies. It provides products and services to government, corporate and home users, employing more than 75,000 workers and operating in more than 200 countries.
Steve Grobman is an American entrepreneur, physicist and cybersecurity engineer. Over his career, he has held positions at Intel, Toshiba, the Department of Defense and McAfee, where he is the current Chief Technology Officer. He is a distinguished expert in the fields of cybersecurity, system security engineering and research. He is also a speaker, author and mentor in cybersecurity and technology.
