Saved in:
Bibliographic Details
Main Authors: Chang, Xiangyu, Dai, Guang, Di, Hao, Ye, Haishan
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.16125
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912341472313344
author Chang, Xiangyu
Dai, Guang
Di, Hao
Ye, Haishan
author_facet Chang, Xiangyu
Dai, Guang
Di, Hao
Ye, Haishan
contents This report presents a real-world case study demonstrating how prompt injection can attack large language model platforms such as ChatGPT according to a proposed injection framework. By providing three real-world examples, we show how adversarial prompts can be injected via user inputs, web-based retrieval, and system-level agent instructions. These attacks, though lightweight and low-cost, can cause persistent and misleading behaviors in LLM outputs. Our case study reveals that even commercial-grade LLMs remain vulnerable to subtle manipulations that bypass safety filters and influence user decisions. \textbf{More importantly, we stress that this report is not intended as an attack guide, but as a technical alert. As ethical researchers, we aim to raise awareness and call upon developers, especially those at OpenAI, to treat prompt-level security as a critical design priority.
format Preprint
id arxiv_https___arxiv_org_abs_2504_16125
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Breaking the Prompt Wall (I): A Real-World Case Study of Attacking ChatGPT via Lightweight Prompt Injection
Chang, Xiangyu
Dai, Guang
Di, Hao
Ye, Haishan
Cryptography and Security
This report presents a real-world case study demonstrating how prompt injection can attack large language model platforms such as ChatGPT according to a proposed injection framework. By providing three real-world examples, we show how adversarial prompts can be injected via user inputs, web-based retrieval, and system-level agent instructions. These attacks, though lightweight and low-cost, can cause persistent and misleading behaviors in LLM outputs. Our case study reveals that even commercial-grade LLMs remain vulnerable to subtle manipulations that bypass safety filters and influence user decisions. \textbf{More importantly, we stress that this report is not intended as an attack guide, but as a technical alert. As ethical researchers, we aim to raise awareness and call upon developers, especially those at OpenAI, to treat prompt-level security as a critical design priority.
title Breaking the Prompt Wall (I): A Real-World Case Study of Attacking ChatGPT via Lightweight Prompt Injection
topic Cryptography and Security
url https://arxiv.org/abs/2504.16125