Exploring Vulnerabilities and Protections in Large Language Models: A Survey
Frank Weizhen Liu, Chenhui Hu
TL;DR
The paper surveys security vulnerabilities in large language models, focusing on Prompt Hacking (prompt injection and jailbreaking) and Adversarial Attacks (backdoors and data poisoning). It articulates the mechanisms of these attacks and reviews a range of defense strategies, including preprocessing, detection, white-box fine-tuning and embedding purification, clustering-based remedies, and black-box perturbation- and prompting-based defenses. Key contributions include cataloging attack vectors (e.g., Compositional Instruction Attacks, ProAttack, CUBE) and outlining defense frameworks (SmoothLLM, DiffPure, RAP, ONION) across open- and closed-source LLMs. The findings highlight the evolving threat landscape and emphasize the need for robust, adaptable security frameworks to ensure resilient real-world deployment of LLM systems.
Abstract
As Large Language Models (LLMs) increasingly become key components in various AI applications, understanding their security vulnerabilities and the effectiveness of defense mechanisms is crucial. This survey examines the security challenges of LLMs, focusing on two main areas: Prompt Hacking and Adversarial Attacks, each with specific types of threats. Under Prompt Hacking, we explore Prompt Injection and Jailbreaking Attacks, discussing how they work, their potential impacts, and ways to mitigate them. Similarly, we analyze Adversarial Attacks, breaking them down into Data Poisoning Attacks and Backdoor Attacks. This structured examination helps us understand the relationships between these vulnerabilities and the defense strategies that can be implemented. The survey highlights these security challenges and discusses robust defensive frameworks to protect LLMs against these threats. By detailing these security issues, the survey contributes to the broader discussion on creating resilient AI systems that can resist sophisticated attacks.