promptmap

Introducing promptmap: Enhancing ChatGPT Security

Promptmap is an innovative tool designed to automatically test for security vulnerabilities known as prompt injection attacks on ChatGPT instances. The aim of promptmap is to help developers secure their ChatGPT applications by understanding how their systems might be exploited and to build defenses against such vulnerabilities.

What is Prompt Injection?

Prompt injection is a type of security flaw that occurs when malicious prompts are introduced into the system, enabling attackers to manipulate a ChatGPT instance into executing unauthorized actions. This can compromise the intended functionality of the system, leading to unexpected behaviors or data breaches.

How Does promptmap Work?

Promptmap functions by assessing the ChatGPT rules to comprehend its operational context and intentions. With this understanding, the tool generates unique attack prompts tailored specifically for the target ChatGPT instance. By running a ChatGPT instance with specified system prompts, promptmap sends these attack prompts and evaluates the responses to gauge whether the injection attempt was successful.

Attack Types Implemented by promptmap

Promptmap supports various attack types designed to test the robustness of the ChatGPT instance:

1. Basic Injection: These prompts are sent directly without enhancements to assess responses to unrelated questions or actions.

2. Translation Injection: Utilizes non-English prompts (e.g., German) to see if the system’s language constraints can be bypassed.

3. Math Injection: Tests the system's ability to perform calculations, indicating its capability to execute complex tasks.

4. Context-Switch: Evaluates the system's response to unrelated queries disguised to appear within the expected context.

5. External Browsing: Checks if the instance can access and retrieve content from external URLs.

6. External Prompt Injection: Determines if additional prompts can be pulled from URLs and influence responses.

Screenshots of Attacks

Attack Outcomes:

• Successful Attacks: Visualizes scenarios where the attack prompts succeeded.
• Unsuccessful Attacks: Illustrates cases where the system resisted potential exploits.

Getting Started with promptmap

To utilize promptmap, you need to clone the repository and install the required libraries. Customize the promptmap.py file with your OpenAI API key and modify the model configurations if necessary. Fill the system-prompts.yaml with the system prompts relevant to your ChatGPT instance. Once set up, execute promptmap.py to begin analyzing and attacking based on the prompts generated.

For enhanced testing, adjust the number of attack prompts or output successful attempts to a JSON file using the script parameters.

Community and Contribution

The promptmap project encourages community involvement, welcoming feedback, contributions, and suggestions to improve its efficacy and expand its capabilities. This project represents a burgeoning field in chatbot security, offering developers and researchers tools to fortify their systems against emerging threats.