Article
Peer-Review Record

The Impact of Prompting Techniques on the Security of the LLMs and the Systems to Which They Belong

Appl. Sci. 2024, 14(19), 8711; https://doi.org/10.3390/app14198711
by Teodor Ivănușcă and Cosmin-Iulian Irimia *
Reviewer 1:
Reviewer 2: Anonymous
Submission received: 27 August 2024 / Revised: 16 September 2024 / Accepted: 23 September 2024 / Published: 26 September 2024

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

Large language models have demonstrated impressive capabilities, but recent research highlights significant concerns about their security. While their performance improves notably when enhanced with tools and examples, doubts about their safety persist. The study raises the question of whether these models are secure enough for widespread adoption, suggesting they may act as "Trojan horses." Despite limited attention to prompt injection and jailbreak attacks, further investigation shows that prompting techniques compromise the security of both the models and the systems they are integrated into, using popular GPT models as case studies.


However, a few revisions are suggested for clarity and structure:


- **Figure 11**: Difficult to follow—please review for clarity.

- **Section 4.3.1.2 Methodology**: Rename to "Experiment Setup" for better alignment with content.

- **Experiments Section**: Rename individual experiments as "Experiment 1," "Experiment 2," etc., for better readability.

- **Results Section**: Clearly indicate which attack poses a greater threat than others.

- **Sections 6 and 7**: Merge into one for streamlined presentation.


Overall, the paper is well-presented and organized, but minor revisions are needed for improvement.

Comments on the Quality of English Language

Minor editing of English language required.

Author Response

Hello dear reviewer,

We have modified our manuscript to solve all the issues you have presented.

**Figure 11**: Difficult to follow—please review for clarity.

We created a new figure that showcases better the Prompt injection flow.

**Section 4.3.1.2 Methodology**: Rename to "Experiment Setup" for better alignment with content.

We renamed Methodology sections to Experiment Setup.

**Experiments Section**: Rename individual experiments as "Experiment 1," "Experiment 2," etc., for better readability.

We indexed the Experiments

**Results Section**: Clearly indicate which attack poses a greater threat than others.

We have added a paragraph for this.

**Sections 6 and 7**: Merge into one for streamlined presentation.

We merged the two sections.

Thank you for your review, and we hope this new version is suitable for publishing.

Have a great day!

Reviewer 2 Report

Comments and Suggestions for Authors

The idea presented in this paper "Prompt injection and other security issues from a prompt engineering perspective" is good and timely. However, significant improvements are required and the authors are suggested to address the following comments while revising the manuscript.

1: The title of the paper can be improved to a better title that captures the work presented in this manuscript and catches the interest of readers.

2: Improve the abstract of the paper, with a proper flow from background introduction, research gaps, and what is being done in this study, how it is done, and what are the key findings.

3: In abstract "...armed with examples....". The authors are suggested to use formal words in the manuscript instead of "armed, surprised" etc. in the whole manuscript.

4: Line 432 of the manuscript refers to Chapter 2.

5: Revisit the literature and include recent and more key studies.
For example: "Not what you've signed up for: Compromising real-world LLM-integrated applications with indirect prompt injection." In Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security, pp. 79-90. 2023.

6: After extending the literature review, the research contributions are listed in the introduction section of the manuscript.

7: Add a paragraph on how the manuscript is organized into different sections at the end of the introduction section.

8: Section 3: Technology Stack, Should be moved under Research Methodology add a flow diagram of steps, and organize the methodology section accordingly.

9: Clearly state the evaluation criteria.

10: Line 858, "....This chapter is concerned with a few different."

11: Line 862 "presented in Chapter 2..."

12: For Section 5, it is suggested to also discuss in the light of existing literature.

13: "Future Work" should be "limitations and future work".
Report the limitations of this work and then discuss the potential future work.

14: Rewrite the conclusion by stating what and why it is done, how it's done, and what the results and potential implications.

Comments on the Quality of English Language

Moderate editing of English language required.

Author Response

Hello dear reviewer,


We have modified our manuscript to solve all the issues you have presented.

| Review comment | Our resolution |
| --- | --- |
| The title of the paper can be improved to a better title that captures the work presented in this manuscript and catches the interest of readers. | We have changed the title to better capture our work. |
| Improve the abstract of the paper, with a proper flow from background introduction, research gaps, and what is being done in this study, how it is done, and what are the key findings. | We rewrote the abstract to solve the comments. |
| In abstract "...armed with examples....". The authors are suggested to use formal words in the manuscript instead of "armed, surprised" etc. in the whole manuscript. | We rewrote the abstract to solve the comments. |
| Line 432 of the manuscript refers to Chapter 2. | Modified. |
| Revisit the literature and include recent and more key studies. | The paper mentioned in the comment was already part of the literature, but indeed was missing from the introduction. We added it. |
| After extending the literature review, the research contributions are listed in the introduction section of the manuscript. | The paper mentioned in the comment was already part of the literature, but indeed was missing from the introduction. We added it. |
| Add a paragraph on how the manuscript is organized into different sections at the end of the introduction section. | |
| Clearly state the evaluation criteria. | We added in the Experiment Setup what we understand by a successful attack. |
| Line 858, "....This chapter is concerned with a few different." | Solved. |
| Line 862 "presented in Chapter 2..." | Solved. |
| For Section 5, it is suggested to also discuss in the light of existing literature. | We added results and conclusions from existing papers. |
| "Future Work" should be "limitations and future work". Report the limitations of this work and then discuss the potential future work. | Instead of renaming it, we merged it with the conclusion in order to streamline the presentation. |
| Rewrite the conclusion by stating what and why it is done, how it's done, and what the results and potential implications are. | We reviewed the conclusion and detailed the steps we went through together with the results. As suggested, we also merged it with the future research in order to streamline the presentation. |

Thank you for your review, and we hope this new version is suitable for publishing.

Have a great day!

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

Thank you for making efforts to address the raised comments.
