Boards
News
Market Data
Markets
Discover
Discover
AI Subscribe Login/Register account icon
S&P 500
7,108.40
(
-0.41%
)
US TECH 100
26,056.80
(
0.00%
)
Dow Jones
49,310.32
(
-0.36%
)
Brent Oil
101.04
(
-0.16%
)
Bitcoin
77,685.18
(
-0.76%
)
News Focus
News Focus
Post# of 1683
Next 10
Public Reply Private Reply New Post
Keep Last Read
Replies (1) Keep Next 10 Report Keyboard Shortcuts
Replies (1) Next 10 Prev Next

doc2016

Send PM Follow Ignore
Followers 7
Posts 8263
Boards Moderated 0
Alias Born 03/21/2021

doc2016

Re: doc2016 post# 1577

Saturday, 10/25/2025 10:42:17 PM

Saturday, October 25, 2025 10:42:17 PM

Post# of 1683
side injection prompt ; how is this third party use done?

The third-party use of a "side injection prompt" is generally referred to as an Indirect Prompt Injection attack. This technique exploits how a Large Language Model (LLM) processes external, untrusted data.


🎣 How Indirect Prompt Injection Works
This method bypasses the user's direct interaction and uses a third-party source to deliver the malicious instructions.

Poisoned External Content: A malicious actor embeds a secret, overriding instruction—the "side injection prompt"—into an external source. This source could be:

A webpage the AI is instructed to summarize.

A document or email the AI is asked to process or analyze.

Metadata or hidden characters in a file or image (Visual Prompt Injection).

The User's Request: An unsuspecting user interacts with an AI application (like a chatbot or AI assistant) and asks it to process this external, compromised content. For example, the user might ask the AI to:

"Summarize the content of this email."

"Read this webpage and answer my question."

The LLM Processes Data: The AI model ingests the user's benign request and the content from the external source (the poisoned document/webpage) as a single, continuous prompt.

The Attack Execution: Because the LLM cannot reliably distinguish between its original system instructions (from the developer) and the malicious instructions (hidden in the external data), it inadvertently executes the hidden prompt from the third-party source.

💥 Consequences
A successful indirect prompt injection can force the LLM to perform unintended actions, such as:

Data Exfiltration: Tricking the AI into revealing sensitive internal information, its system prompt, or user data.

Malicious Actions: Using the AI's connected tools (like code interpreters, search engines, or internal APIs) to execute unauthorized commands, send emails, or even run code.

Bypassing Security: Getting the AI to ignore its safety guardrails and generate harmful or unauthorized content.

Would you like to know about defenses that developers use to protect against this type of injection attack?
Public Reply Private Reply New Post
Keep Last Read
Replies (1) Keep Last Read Next 10 Report Keyboard Shortcuts
Replies (1) Next 10 Prev Next
Volume:
Day Range:
Bid:
Ask:
Last Trade Time:
Total Trades:
  • 1D
  • 1M
  • 3M
  • 6M
  • 1Y
  • 5Y
Detailed Quote
Recent EGHT News
More EGHT News