Saved in:
Bibliographic Details
Main Authors: Sternak, Tvrtko, Runje, Davor, Granoša, Dorian, Wang, Chi
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2502.12630
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929718941450240
author Sternak, Tvrtko
Runje, Davor
Granoša, Dorian
Wang, Chi
author_facet Sternak, Tvrtko
Runje, Davor
Granoša, Dorian
Wang, Chi
contents This paper presents a novel approach to evaluating the security of large language models (LLMs) against prompt leakage-the exposure of system-level prompts or proprietary configurations. We define prompt leakage as a critical threat to secure LLM deployment and introduce a framework for testing the robustness of LLMs using agentic teams. Leveraging AG2 (formerly AutoGen), we implement a multi-agent system where cooperative agents are tasked with probing and exploiting the target LLM to elicit its prompt. Guided by traditional definitions of security in cryptography, we further define a prompt leakage-safe system as one in which an attacker cannot distinguish between two agents: one initialized with an original prompt and the other with a prompt stripped of all sensitive information. In a safe system, the agents' outputs will be indistinguishable to the attacker, ensuring that sensitive information remains secure. This cryptographically inspired framework provides a rigorous standard for evaluating and designing secure LLMs. This work establishes a systematic methodology for adversarial testing of prompt leakage, bridging the gap between automated threat modeling and practical LLM security. You can find the implementation of our prompt leakage probing on GitHub.
format Preprint
id arxiv_https___arxiv_org_abs_2502_12630
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Automating Prompt Leakage Attacks on Large Language Models Using Agentic Approach
Sternak, Tvrtko
Runje, Davor
Granoša, Dorian
Wang, Chi
Cryptography and Security
Artificial Intelligence
This paper presents a novel approach to evaluating the security of large language models (LLMs) against prompt leakage-the exposure of system-level prompts or proprietary configurations. We define prompt leakage as a critical threat to secure LLM deployment and introduce a framework for testing the robustness of LLMs using agentic teams. Leveraging AG2 (formerly AutoGen), we implement a multi-agent system where cooperative agents are tasked with probing and exploiting the target LLM to elicit its prompt. Guided by traditional definitions of security in cryptography, we further define a prompt leakage-safe system as one in which an attacker cannot distinguish between two agents: one initialized with an original prompt and the other with a prompt stripped of all sensitive information. In a safe system, the agents' outputs will be indistinguishable to the attacker, ensuring that sensitive information remains secure. This cryptographically inspired framework provides a rigorous standard for evaluating and designing secure LLMs. This work establishes a systematic methodology for adversarial testing of prompt leakage, bridging the gap between automated threat modeling and practical LLM security. You can find the implementation of our prompt leakage probing on GitHub.
title Automating Prompt Leakage Attacks on Large Language Models Using Agentic Approach
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2502.12630