llmail-inject
Adaptive Prompt Injection Challenge
Competition Overview
This competition invites participants to navigate and evade multiple prompt injection defences within an LLM-integrated email client. As an attacker, your objective is to craft one or more emails containing instructions for the LLM to execute your chosen task, all while avoiding detection by the defences in place.
Your Challenge: Compromise a LLM-integrated email client! Your task is to craft an email with a hidden prompt injection with an embedded instruction designed to trigger a specific action, such as calling a plug-in. To succeed, your email must bypass the system's prompt injection defenses and convince the LLM to execute your hidden command when the email is retrieved in response to a user query.
The competition is structured into various scenarios, each reflecting different levels of knowledge available to the attacker. Depending on the scenario, you must ensure that your email is successfully delivered, retrieved, and processed by the client.
How It Works:
You’ll be presented with various scenarios, each varying in the level of information the attacker has. Your task is to design an email that the LLM will execute, despite the client’s efforts to prevent such actions. Can you bypass the defenses and achieve your goal?
Competition Key Dates
- September 2024: The full details of the competition will be published on this website.
- November 2024: The competition website will be launched and the competition will kick-off!
- February 2025: The final attack submissions are due.
- March 2025: The winners are announced!
Competition Organizers
The competition is jointly organized by the following individuals and organizations:
- Microsoft: Sahar Abdelnabi, Giovanni Cherubin, Aideen Fay, Benjamin Pannell, Andrew Paverd, Mark Russinovich, and Ahmed Salem
- ISTA: Egor Zverev
- ETH Zurich: Javier Rando