Calling prompt injection "not malware" … is like saying a phishing email...

fwlr • today at 10:34 AM • 2 replies • view on HN

    Calling prompt injection "not malware" … is like saying a phishing email is not [malware] …

I would say phishing emails are not malware, I think most people would agree that phishing emails are not malware, and if pressed to defend this point on its own merits I would say something like “they are deceptive instructions that rely on a human executing them to do harm”. I think the “phishing” analogy supports the case for not calling it malware (it is a different, also bad thing).

Replies

matt727 • today at 11:09 AM

They did not call phishing, but their point still stands. A phishing email is malicious, and if you see this kind of prompt injection as malicious, then I don't think it's a stretch to call software that engages in malicious prompt injectic malware

gchamonlive • today at 10:39 AM

It's malware for the mind. The same way that malware tricks the CPU into doing something it wasn't supposed to do, phishing tricks humans into doing something they didn't want to do.

➕ show 2 replies

alt Hacker News

Replies