Poisoning the Watchtower: Prompt Injection Attacks Against LLM-Augmented Security Operations Through Adversarial Log Content
Researchers have identified a new vulnerability in large language models used in security operations centers, termed "log-substrate prompt injection." This attack vector exploits the fact that attackers can control many fields within log data, allowing them to inject malicious instructions into the LLM. The study categorizes these attacks into four types and found that persona hijacking is particularly effective, while summarization tasks are the most vulnerable. AI
IMPACT Highlights critical security flaws in LLM-based security tools, necessitating new defense strategies.