Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks

Daniel Kang; Xuechen Li; Ion Stoica; Carlos Guestrin; Matei Zaharia; Tatsunori Hashimoto

doi:10.1109/SPW63631.2024.00018

Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks

Daniel Kang, Xuechen Li, Ion Stoica, Carlos Guestrin, Matei Zaharia, Tatsunori Hashimoto

Siebel School of Computing and Data Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent advances in instruction-following large language models (LLMs) have led to dramatic improvements in a range of NLP tasks. Unfortunately, we find that the same improved capabilities amplify the dual-use risks for malicious purposes of these models. Dual-use is difficult to prevent as instruction-following capabilities now enable standard attacks from computer security. The capabilities of these instruction-following LLMs provide strong economic incentives for dual-use by malicious actors. In particular, we show that instruction-following LLMs can produce targeted malicious content, including hate speech and scams, bypassing in-the-wild defenses implemented by LLM API vendors. Our analysis shows that this content can be generated economically and at cost of 125-500 \times cheaper than human effort alone. Together, our findings suggest that LLMs will increasingly attract more sophisticated adversaries and attacks, and addressing these attacks may require new approaches to mitigations.

Original language	English (US)
Title of host publication	Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	132-143
Number of pages	12
ISBN (Electronic)	9798350354874
DOIs	https://doi.org/10.1109/SPW63631.2024.00018
State	Published - 2024
Event	45th IEEE Symposium on Security and Privacy Workshops, SPW 2024 - San Francisco, United States Duration: May 23 2024 → …

Publication series

Name	Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024

Conference

Conference	45th IEEE Symposium on Security and Privacy Workshops, SPW 2024
Country/Territory	United States
City	San Francisco
Period	5/23/24 → …

ASJC Scopus subject areas

Communication
Artificial Intelligence
Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Online availability

10.1109/SPW63631.2024.00018

Library availability

Discover UIUC Full Text

Cite this

Kang, D., Li, X., Stoica, I., Guestrin, C., Zaharia, M., & Hashimoto, T. (2024). Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks. In Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024 (pp. 132-143). (Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SPW63631.2024.00018

Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks. / Kang, Daniel; Li, Xuechen; Stoica, Ion et al.
Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024. Institute of Electrical and Electronics Engineers Inc., 2024. p. 132-143 (Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kang, D, Li, X, Stoica, I, Guestrin, C, Zaharia, M & Hashimoto, T 2024, Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks. in Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024. Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024, Institute of Electrical and Electronics Engineers Inc., pp. 132-143, 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024, San Francisco, United States, 5/23/24. https://doi.org/10.1109/SPW63631.2024.00018

Kang D, Li X, Stoica I, Guestrin C, Zaharia M, Hashimoto T. Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks. In Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024. Institute of Electrical and Electronics Engineers Inc. 2024. p. 132-143. (Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024). doi: 10.1109/SPW63631.2024.00018

Kang, Daniel ; Li, Xuechen ; Stoica, Ion et al. / Exploiting Programmatic Behavior of LLMs : Dual-Use Through Standard Security Attacks. Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 132-143 (Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024).

@inproceedings{2ad5f5aae7714cf28df6a46dffc7b487,

title = "Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks",

abstract = "Recent advances in instruction-following large language models (LLMs) have led to dramatic improvements in a range of NLP tasks. Unfortunately, we find that the same improved capabilities amplify the dual-use risks for malicious purposes of these models. Dual-use is difficult to prevent as instruction-following capabilities now enable standard attacks from computer security. The capabilities of these instruction-following LLMs provide strong economic incentives for dual-use by malicious actors. In particular, we show that instruction-following LLMs can produce targeted malicious content, including hate speech and scams, bypassing in-the-wild defenses implemented by LLM API vendors. Our analysis shows that this content can be generated economically and at cost of 125-500 \times cheaper than human effort alone. Together, our findings suggest that LLMs will increasingly attract more sophisticated adversaries and attacks, and addressing these attacks may require new approaches to mitigations.",

author = "Daniel Kang and Xuechen Li and Ion Stoica and Carlos Guestrin and Matei Zaharia and Tatsunori Hashimoto",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024 ; Conference date: 23-05-2024",

year = "2024",

doi = "10.1109/SPW63631.2024.00018",

language = "English (US)",

series = "Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "132--143",

booktitle = "Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024",

address = "United States",

}

TY - GEN

T1 - Exploiting Programmatic Behavior of LLMs

T2 - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024

AU - Kang, Daniel

AU - Li, Xuechen

AU - Stoica, Ion

AU - Guestrin, Carlos

AU - Zaharia, Matei

AU - Hashimoto, Tatsunori

PY - 2024

Y1 - 2024

N2 - Recent advances in instruction-following large language models (LLMs) have led to dramatic improvements in a range of NLP tasks. Unfortunately, we find that the same improved capabilities amplify the dual-use risks for malicious purposes of these models. Dual-use is difficult to prevent as instruction-following capabilities now enable standard attacks from computer security. The capabilities of these instruction-following LLMs provide strong economic incentives for dual-use by malicious actors. In particular, we show that instruction-following LLMs can produce targeted malicious content, including hate speech and scams, bypassing in-the-wild defenses implemented by LLM API vendors. Our analysis shows that this content can be generated economically and at cost of 125-500 \times cheaper than human effort alone. Together, our findings suggest that LLMs will increasingly attract more sophisticated adversaries and attacks, and addressing these attacks may require new approaches to mitigations.

AB - Recent advances in instruction-following large language models (LLMs) have led to dramatic improvements in a range of NLP tasks. Unfortunately, we find that the same improved capabilities amplify the dual-use risks for malicious purposes of these models. Dual-use is difficult to prevent as instruction-following capabilities now enable standard attacks from computer security. The capabilities of these instruction-following LLMs provide strong economic incentives for dual-use by malicious actors. In particular, we show that instruction-following LLMs can produce targeted malicious content, including hate speech and scams, bypassing in-the-wild defenses implemented by LLM API vendors. Our analysis shows that this content can be generated economically and at cost of 125-500 \times cheaper than human effort alone. Together, our findings suggest that LLMs will increasingly attract more sophisticated adversaries and attacks, and addressing these attacks may require new approaches to mitigations.

UR - http://www.scopus.com/inward/record.url?scp=85199174513&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85199174513&partnerID=8YFLogxK

U2 - 10.1109/SPW63631.2024.00018

DO - 10.1109/SPW63631.2024.00018

M3 - Conference contribution

AN - SCOPUS:85199174513

T3 - Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024

SP - 132

EP - 143

BT - Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 23 May 2024

ER -

Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks

Abstract

Publication series

Conference

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this