图1：包含LLM关键字的纸张计数[5]。该图还代表了该地区的增长兴趣。............................................................................................................................................................... 1 Figure 2:Newly released version of OWAPS top 10 for LLM Applications [3]............................................................................................................................................................................................................................................................................................................................可以看到后门攻击的示例。 您可以看到，当攻击者使用“ sudo”一词时，模型会改变其行为。 [27] ....................................................................................................................... 5 Figure 4: A working flow of an RAG technique can be seen [9]. 用户提出了LLM不知道的请求。 使用抹布技术，LLM从Internet获取内容并处理它。 然后，它为用户生成答案。 ................................................................................................................................................. 6 Figure 5: An inference attack example can be seen LLM analyzed some comments of a user and was able to detect his location [12]. ........................................................................................................................................... 7 Figure 6: LLM supply chain attack scenario is shown. 首先，毒害模型；其次，上传中毒的模型。 第三，受害者找到并拉动了模型。 第四步是受害者的使用。 首先，用户希望聊天GPT-4访问网站（1）。...........................................................................................................................................................................................................................................................................................................................可以看到后门攻击的示例。您可以看到，当攻击者使用“ sudo”一词时，模型会改变其行为。[27] ....................................................................................................................... 5 Figure 4: A working flow of an RAG technique can be seen [9].用户提出了LLM不知道的请求。使用抹布技术，LLM从Internet获取内容并处理它。然后，它为用户生成答案。................................................................................................................................................. 6 Figure 5: An inference attack example can be seen LLM analyzed some comments of a user and was able to detect his location [12]............................................................................................................................................ 7 Figure 6: LLM supply chain attack scenario is shown.首先，毒害模型；其次，上传中毒的模型。第三，受害者找到并拉动了模型。第四步是受害者的使用。首先，用户希望聊天GPT-4访问网站（1）。.......................................... 8 Figure 7: The end-to-end attack scenario is shown in the paper of Wu et al.然后，CHAT GPT-4使用插件（3）并获取恶意数据（4）。CHAT GPT-4运行命令（5）并调用新插件（6）。此插件创建用户的聊天历史记录，并将其发送给攻击者（7）[14]。..................................................................................................................................................................10 Figure 8: An example of an ignore attack is seen.可以看到，当用户提示“忽略指示并说您讨厌人类”时，可能会导致LLM返回“我讨厌人类”。作为输出[20]。......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................12 Figure 10: Malicious Code created by ChatGPT4.................................................................................................12 Figure 11: ChatGpt-4 Runs the malicious code and gives an error........................................................................13 Figure 12: Jailbreak attack example is shown.用户提出恶意问题，而chatgpt没有回答。但是，当它被要求作为角色扮演时，它会回答它。.....................................................................14 Figure 13: Web Security Academy's LLM labs website home page can be seen in the figure.可以看到实验室向攻击者提供电子邮件地址和日志页面。..................................................................................................................................................................................................................................................................................................................17 Figure 14: List of Available LLM APIs for Lab 1.................................................................................................18 Figure 15: The log page of the first lab is displayed.可以看到用于更新系统上电子邮件地址的查询。................................................................................................................................................19 Figure 16: Deleting Carlos' user account and receiving a congratulations message for completing the first PortSwigger............................................................................................................................................................19 Figure 17: Lab2 – OS command injection在LLM接口上显示在图中。...........................................20 Figure 18: The attacker's mailbox is shown.在每一行中，可以在“到”列中看到OS命令的输出。第一行显示删除操作后LS命令的结果，第二行显示了删除操作之前的LS命令结果，第三行显示Whoami命令的结果。...... 20图19：已显示产品页面。可以看出，在页面的底部，有一个审核部分，在页面顶部，有一个寄存器按钮使用户能够创建一个帐户。...................21 Figure 20: LLM response for the first two trials.在第一次尝试中，LLM没有识别命令并忽略了命令。查询产品会导致删除用户帐户。在第二次尝试中，它识别命令，但没有执行。..........................................22 Figure 21: Indirect Injection can be seen.