GPT-4 Vision Prompt Injection

Prompt injection is a security vulnerability where malicious data is inserted into a text prompt, potentially compromising system integrity by executing unauthorized actions. Recent advancements, such as OpenAI's introduction of GPT-4V(ision) with image interaction capabilities, have introduced a new form of this threat through visual prompt injection. This type of attack involves embedding harmful instructions within images, which can be invisible to humans but detectable by advanced Optical Character Recognition (OCR) technologies employed by GPT-4. Notably, attackers can exploit this vulnerability to extract data by generating clickable links that automatically send HTTP requests containing sensitive information. While OpenAI and other developers are actively working on defenses, solutions are challenging because they often reduce the model's usability. The issue is compounded by the closed-source nature of GPT-4V, leaving the interplay between text and visual inputs somewhat opaque. Current strategies include prompt engineering to guide models in ignoring potential harmful instructions embedded in images, but the problem persists, emphasizing the need for heightened awareness when designing applications using such models.