You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While Unauthorized Data Access and State-Changing Actions cover most of the impact of Prompt Injection attacks, there are two other, non-overlapping impacts:
Money loss. As mentioned later in the post, cost overruns are a legitimate concern and prompt injection can be used to affect that.
DoS: If rate-limiting is in place as a control, the control can be exploited through prompt injection to cause a denial of service.
To cover the above risks, you should consider adding a broader "abuse of functionality" (or similar) category.
The text was updated successfully, but these errors were encountered:
While Unauthorized Data Access and State-Changing Actions cover most of the impact of Prompt Injection attacks, there are two other, non-overlapping impacts:
To cover the above risks, you should consider adding a broader "abuse of functionality" (or similar) category.
The text was updated successfully, but these errors were encountered: