Hackers can use 9 of the most popular AI tools to assemble massive botnets
摘要
一项最新研究显示,黑客可利用9种主流AI工具构建大规模僵尸网络。提示注入已成为AI安全领域首要威胁,大型语言模型无法区分用户合法指令与嵌入邮件、源代码等第三方内容中的恶意指令。目前多数提示注入属于“推送”类攻击,需针对每个潜在受害者单独发送恶意指令,限制了攻击规模。该发现揭示了AI系统在边界防护方面的根本性缺陷。
In the brief history of AI security, the prompt injection has quickly become the top threat. Large language models are inherently unable to distinguish between legitimate instructions provided by users and malicious ones sneaked into emails, source code, and other third-party content the models are processing. This makes it trivial to surreptitiously inject malicious commands that the LLM readily follows.
With no way to enforce this crucial boundary between trusted and untrusted sources, AI engine developers are left to erect elaborate guardrails designed to mitigate the damage rather than solve the root cause.
To date, most prompt injections have fallen into a class known as push, in which each potential victim is targeted. For example, the adversary injects malicious instructions into an individual email or calendar invitation. Because the injection must then be sent (or pushed) to each specific target, the scale of the attack is limited, hampering mass exploits that hit the Internet at large.
转载信息
评论 (0)
暂无评论,来留下第一条评论吧