A new paper from arXiv details a security vulnerability in Handlebars templating as it is commonly used in LLM prompts, specifically within Microsoft Semantic Kernel. The research shows that Handlebars' triple-brace interpolation, which inserts data raw and unescaped, fails to protect against structural role injection attacks: untrusted text carrying chat-role delimiters is passed straight into the prompt, so the model can be tricked into treating that text as coming from a higher-privilege chat role. The authors demonstrate this in extensive trials across several delimiter families and models, including GPT-3.5 Turbo and Claude Haiku 4.5. While GPT-3.5 Turbo was susceptible to task hijacking and secret exfiltration, Claude Haiku 4.5 showed significant resistance.
AI IMPACT: Highlights a critical security flaw in LLM prompt engineering that could lead to model hijacking and data exfiltration.
RANK_REASON: Academic paper detailing a security vulnerability in LLM prompt templating.
- arXiv
- Claude Haiku 4.5
- GPT-3.5 Turbo
- GPT-4.1 mini
- GPT-4o mini
- Handlebars
- LLM
- Microsoft Semantic Kernel
AI-generated summary · Google Gemini · from 1 source.