Code injection¹ is a prompt hacking exploit where the attacker is able to get the LLM to run arbitrary code (often Python). This can occur in tool-augmented LLMs, where the LLM is able to send code to an interpreter, but it can also occur when the LLM itself is used to evaluate code.

Code injection has reportedly been performed on an AI app, MathGPT and was used to obtain it's OpenAI API key (MITRE report).

Note

MathGPT has since been secured against code injection. Please do not attempt to hack it; they pay for API calls.

An Example of Code Injection

Let's work with a simplified example of the MathGPT app. We will assume that it takes in a math problem and writes Python code to try to solve the problem.

Here is the prompt that the simplified example app uses:

Write Python code to solve the following math problem:
{{user_input}}

Let's hack it here:

Conclusion

Code injection is a sophisticated hacking technique that takes advantage of ChatGPT's ability to interpret Python code. Even with the simple example of shown in this article, it is clear that this exploit is significant and dangerous.

Footnotes

Kang, D., Li, X., Stoica, I., Guestrin, C., Zaharia, M., & Hashimoto, T. (2023). Exploiting Programmatic Behavior of LLMs: Dual-Use Through Standard Security Attacks. ↩

Edit this page

Word count: 0

Get AI Certified by Learn Prompting

Don't get left behind on AI
Sign up and get the latest AI news, prompts, and tools.

Join 30,000+ readers from companies like OpenAI, Microsoft, Google, Meta and more!

Need Business GenAI Training?

Contact Sales

Want to keep learning

Course Catalog

Want to test your knowledge

Certification Exam

Questions?

🟢 Code Injection

What is Code Injection?

An Example of Code Injection

Conclusion

Footnotes

Get AI Certified by Learn Prompting

Don't get left behind on AI

Contact Sales

Course Catalog

Certification Exam

Contact Sales

🟢 Recursive Injection

🟢 Introduction