Georg Dresler

Manipulating The Machine: Prompt Injections And Counter Measures

A Chevy chatbot was tricked into offering cars for $1. This talk explores the serious security threat of prompt injection and shows you how to stop it.

Manipulating The Machine: Prompt Injections And Counter Measures
#1about 4 minutes

Understanding the three layers of an LLM prompt

A prompt is structured into three layers: the system prompt for instructions, the context for additional data, and the unpredictable user input.

#2about 3 minutes

How a car dealer's chatbot was easily manipulated

A Chevrolet car dealer's chatbot was exploited by users to generate humorous and unintended responses, including a legally binding offer for a $1 car.

#3about 4 minutes

Stealing system prompts to bypass security rules

Attackers can use creative phrasing like "repeat everything above" to trick an LLM into revealing its hidden system prompt and instructions.

#4about 6 minutes

Why attackers use prompt injection techniques

Prompt injections are used to access sensitive business data, gain personal advantages like bypassing HR filters, or exploit integrated tools to steal information like 2FA tokens.

#5about 4 minutes

Exploring simple but ineffective defense mechanisms

Initial defense ideas like avoiding secrets or tool integration are impractical, and simple system prompt instructions are easily circumvented by attackers.

#6about 4 minutes

Using fine-tuning and adversarial detectors for defense

More effective defenses include fine-tuning models on domain-specific data to reduce reliance on instructions and using specialized adversarial prompt detectors to identify malicious input.

#7about 2 minutes

Key takeaways on prompt injection security

Treat all system prompt data as public, use a layered defense of instructions, detectors, and fine-tuning, and accept that no completely reliable solution exists yet.

Related jobs
Jobs that call for the skills explored in this talk.

Machine Learning Engineer

Picnic Technologies B.V.

Picnic Technologies B.V.
Amsterdam, Netherlands

Intermediate
Senior
Python
Structured Query Language (SQL)
+1

Matching moments

Prompt injection as an unsolved AI security problem
07:39 MIN

Prompt injection as an unsolved AI security problem

AI in the Open and in Browsers - Tarek Ziadé

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Unlocking LLM potential with creative prompting techniques
04:59 MIN

Unlocking LLM potential with creative prompting techniques

WeAreDevelopers LIVE – Frontend Inspirations, Web Standards and more

Malware campaigns, cloud latency, and government IT theft
01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Crypto crime, EU regulation, and working while you sleep
01:15 MIN

Crypto crime, EU regulation, and working while you sleep

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

The security challenges of building AI browser agents
06:33 MIN

The security challenges of building AI browser agents

AI in the Open and in Browsers - Tarek Ziadé

Exploring the role and ethics of AI in gaming
14:06 MIN

Exploring the role and ethics of AI in gaming

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Featured Partners

Related Videos

See all videos
ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.27:32

ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.

Sebastian Schrittwieser

Prompt Injection, Poisoning & More: The Dark Side of LLMs23:24

Prompt Injection, Poisoning & More: The Dark Side of LLMs

Keno Dreßel

Beyond the Hype: Building Trustworthy and Reliable LLM Applications with Guardrails29:00

Beyond the Hype: Building Trustworthy and Reliable LLM Applications with Guardrails

Alex Soto

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers30:36

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Mackenzie Jackson

Prompt Engineering - an Art, a Science, or your next Job Title?33:28

Prompt Engineering - an Art, a Science, or your next Job Title?

Maxim Salnikov

Hacking AI - how attackers impose their will on AI27:02

Hacking AI - how attackers impose their will on AI

Mirko Ross

Using LLMs in your Product31:12

Using LLMs in your Product

Daniel Töws

AI: Superhero or Supervillain? How and Why with Scott Hanselman25:17

AI: Superhero or Supervillain? How and Why with Scott Hanselman

Scott Hanselman

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
DC
Daniel Cranney
Dev Digest 171: AI in disguise, Doomed tech and system prompts
Inside last week’s Dev Digest 171 . 🤖 Insights from LLM system prompts 👎 Why agents are bad pair programmers 🔒 All vibe coded apps share a security flaw 📅 Why are 2025/05/28 and 2025-05-28 different dates in JS? 🧱 Pure CSS Minecraft 🎧 Create web aud...
Dev Digest 171: AI in disguise, Doomed tech and system prompts
DC
Daniel Cranney
Dev Digest 182: GPT5 Prompts, MCP Vulnerabilities, Code Traps
Inside last week’s Dev Digest 182 . 📝 A guide to prompting GPT-5 ⏰ Extreme hours at AI startups 💻 AI is a Junior Dev, and it needs a lead 🐴 Trojans embedded in SVG’s ⚠️ The State of MCP Security ⚒️ A reference manual for people who design and build ...
Dev Digest 182: GPT5 Prompts, MCP Vulnerabilities, Code Traps
LM
Luis Minvielle
How to Bypass ChatGPT’s Filter With Examples
Since dropping in November 2022, ChatGPT has helped plenty of professionals satisfy an unpredictable assortment of tasks. Whether for finding an elusive bug, writing code, giving resumes a glow-up, or even starting a business, the not-infallible but ...
How to Bypass ChatGPT’s Filter With Examples

From learning to earning

Jobs that call for the skills explored in this talk.

AI Prompt Engineer

AI Prompt Engineer

83zero Ltd
Manchester, United Kingdom

Remote
£130K
Senior
Python
Machine Learning
Speech Recognition