Hacker News

ericpauley yesterday at 7:06 PM

Severity of the underlying issue aside, it's interesting that the exploitation vector of this prompt injection relies on the human behind the channel themselves being prompt injected.

The content returned is clearly stated as being written by an LLM, and yet the human is (supposedly) interpreting the "[IMPORTANT NOTICE FROM YOUTUBE]" text as meaning the start of, effectively, a system instruction. In this case social engineering and prompt injection are fundamentally identical.


Replies

angry_octet today at 3:45 AM

You haven't read the article either.