As large language models (LLMs) permeate more and more applications, an assessment of their associated security risks becomes increasingly necessary. The potential for exploitation by malicious actors, ranging from disinformation to data breaches and reputation damage, is substantial. This paper addresses a gap in current research by focusing on the security risks posed by LLMs, which extends beyond the widely covered ethical and societal implications. Our work proposes a taxonomy of security risks along the user-model communication pipeline, explicitly focusing on prompt-based attacks on LLMs. We categorize the attacks by target and attack type within a prompt-based interaction scheme. The taxonomy is reinforced with specific attack examples to showcase the real-world impact of these risks. Through this taxonomy, we aim to inform the development of robust and secure LLM applications, enhancing their safety and trustworthiness.

通过针对大型语言模型（LLM）存在的安全风险进行评估，本研究填补了当前研究的空白，并提出了一种基于提示的攻击风险分类方法，以强调LLM在用户-模型通信路径上的安全风险。该分类方法通过具体的攻击示例加以支持，并旨在为安全性强、值得信赖的LLM应用程序的开发提供指导。

大型语言模型的安全风险分类