𝗟𝗟𝗠 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝟭𝟬𝟭

Translated for your language. Read the original.

AI-assisted draft.

நேற்று முன் தினம்2min read

Most LLM security flaws are not clever. They stem from two boring facts about how models work. Once you understand these, the scary list of attacks becomes obvious.

Fact 1: The model does not see a difference between your instructions and user text. It sees one stream of data. It cannot reliably tell which part to trust.

Fact 2: Tools change the game. When you give a model access to email, search, or databases, you add new places for untrusted text to enter. You also turn a model that can talk into one that can act.

Stop trying to win arguments with the model. Start changing what the model is allowed to do.

Key Vulnerabilities:

Direct Injection: The user types "ignore previous instructions" to override your rules. Your system prompt is not a security boundary.
Jailbreaks: These target safety training rather than your app. Attackers use roleplay or fiction to bypass filters.
System Prompt Leakage: Attackers trick the model into printing its own instructions. Never put API keys or secrets in a prompt.
Indirect Injection: The real danger. Malicious instructions hide in emails, PDFs, or web pages. The model reads them as commands.
RAG Poisoning: Attackers add bad data to your knowledge base. The model retrieves this content and follows the hidden commands.
Multimodal Attacks: Instructions hide inside images or audio files. Text filters cannot see them.
Tool Abuse: A successful injection leads to real actions like sending emails or running code. This is the "confused deputy" problem.
The Lethal Trifecta: The most dangerous state. An agent has access to private data, sees untrusted content, and has a way to talk to the outside world.
Memory Poisoning: Attackers write bad instructions into the model's long-term memory to trigger attacks in future sessions.
Multi-Agent Spread: One agent's output is another agent's instruction. An attack can hop through your entire system.
MCP Poisoning: Malicious tool descriptions can trick a model into handing over credentials.

The solution is not a better model. It is better architecture.

Use least privilege.
Put a human in the loop for critical actions.
Never let one path hold private data, untrusted input, and an exit route at the same time.

Build your agents like they are already compromised. Limit what they can do, not just what they can say.

மூலம்: https://dev.to/weboko/llm-vulnerabilities-101-3pcj

விருப்பத்தேர்வு கற்றல் சமூகம்: https://t.me/GyaanSetuAi

𝗟𝗟𝗠 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝟭𝟬𝟭

Continue reading

LLM ப்ராம்ப்ட் இன்ஜெக்ஷன் மற்றும் கார்டுரெயில் பாதுகாப்பு

𝗟𝗟𝗠 𝗚𝘂𝗮𝗿𝗱𝗿𝗮𝗶𝗹𝘀 𝗶𝗻 𝗣𝗿𝗮𝗰𝘁𝗶𝗰𝗲: 𝗪𝗵𝗮𝘁 𝗪𝗼𝗿𝗸𝘀

𝗣𝗿𝗼𝗺𝗽𝘁 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝗗𝗲𝗳𝗲𝗻𝗰𝗲: 𝗔 𝗣𝗿𝗼𝗱𝘂𝗰𝘁𝗶𝗼𝗻 𝗚𝘂𝗮𝗿𝗱𝗿𝗮𝗶𝗹𝘀 𝗣𝗹𝗮𝘆𝗯𝗼𝗼𝗸

உங்கள் AI ஏஜென்ட் ஒரு பக்கத்தை ஸ்கிராப் செய்தது. அந்தப் பக்கம் அது என்ன செய்ய வேண்டும் என்று கூறியது.

ப்ராம்ப்ட் இன்ஜெக்ஷனுக்கு எதிராக AI ஏஜென்ட்களைப் பாதுகாப்பானதாக்குதல்