DualBird, which has created a plug-in for rewritable hardware to accelerate data workloads, raised $25M, including a $16.5M Series A led by Lightspeed (Chris Metinko/Axios)

Comments Off on DualBird, which has created a plug-in for rewritable hardware to accelerate data workloads, raised $25M, including a $16.5M Series A led by Lightspeed (Chris Metinko/Axios)

Chris Metinko / Axios:
DualBird, which has created a plug-in for rewritable hardware to accelerate data workloads, raised $25M, including a $16.5M Series A led by Lightspeed  —  DualBird, which accelerates data workloads, raised $25 m…

Read More >>

AI security company Zenity releases blog post on new attack class!

Comments Off on AI security company Zenity releases blog post on new attack class!

Disclaimer: I’m the author of that blog post.

In this blog, Zenity defines, formalizes, and shows a quick demo of Data-Structure Injection. From the blog:

<tl;dr> By using structured prompts (YML, XML, JSON, etc.) as input to LLM agents, an attacker gains more control over the next token that the model will output. This allows them to call incorrect tools, pass dangerous inputs to otherwise legitimate tools, or hijack entire agentic workflows. We introduce Data-Structure Injection (DSI) across three different variants, argument exploitation, schema exploitation, and workflow exploitation. </tl;dr>

In essence, because LLMs are next token predictors, an attacker can craft an input structure such that the probability of the next token, and indeed the rest of the output, is highly controlled by the attacker.

In anticipation of push back, Zenity views this as distinct from prompt injection. In a metaphor we use, prompt injection is the act of social engineering an LLM, whereas DSI is more akin to an SQL injection, in the sense that both hijack the context of the affected system.

Do check out the full blog post here:

https://labs.zenity.io/p/data-structure-injection-dsi-in-ai-agents

submitted by /u/dvnci1452
[link] [comments]

Read More >>