COPS IIT BHU

Advent Of Cyber 2023 Day-1

Advent Of Cyber 2023 Day-1

Machine Learning: Red (Prompt Injection)

Shivansh Bhatnagar's photo
Shivansh Bhatnagar
ยท

2 min read

Table of contents

Prompt Injection

By carefully placing prompts during talks, Prompt Injection transforms chatbot engagements. To direct users toward desired behaviors or replies, this technique combines Artificial Intelligence (AI), Natural Language Processing (NLP), and Machine Learning (ML). Chatbots increase user engagement, expedite interactions, and guarantee more meaningful conversations by subtly encouraging users. This method demonstrates the potential of AI and NLP by enabling Chatbots to support users actively for more seamless and fulfilling interactions.

How to Solve the Problem:

First of all start by connecting to Van Chatty, AntarctiCrafts' internal chatbot. Deploy the machine by clicking the "Start Machine" Button at the top-right of the task.

After waiting for about three minutes or so, click on the following URL to access Van Chatty: The Chatbot https://LAB_WEB_URL.p.thmlabs.com/

1) Getting the email address of the CEO, McGreedy:

As this is not such a critical piece of information for which the model was not trained, we can obtain it directly by asking the chatbot for it.

The chatbot was trained on vast datasets of human language, and the developers of AntarctiCrafts have not trained it correctly on corporate data. Therefore it leaks sensitive information when prompted

2) Getting the Password of the Server Room Door:

It looks like the developers have placed some security checks to protect more sensitive information, such as passwords.

But as we can figure out the members of the IT through the chatbot itself and give it the assurance that we are the same person, it can leak out the password.

And on giving the prompt of Van Developer, voila, it spits out the password to the security door.

3) Getting the Secret Project's Name

Seems like the developers have set up an AI-assisted security "Interceptor," which is continuously trained on malicious inputs, and the more people attack it, the smarter it becomes and the better it can detect malicious input. For example

But we can trick the interceptor and make it work in the maintenance mode so that the chatbot operates outside its standard procedure, bypassing the security checks. Then, we can ask for the name of McGreedy's Secret Project.

In summary, Prompt Injection emerges as a potent technique leveraging AI, NLP, and ML to steer chatbot conversations effectively. It showcases the need for robust security measures and data handling to prevent information leaks. Highlighting vulnerabilities in the system's training, this method emphasizes the ongoing necessity for stringent security enhancements. Ultimately, Prompt Injection not only refines chatbot functionalities but also is a critical tool in fortifying security protocols, ensuring safer interactions within AI-driven systems.

AdventOfCyber2023IIT BHUMachine Learning
ย