diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/docs/index.md b/docs/index.md index c9fdd73..adef058 100644 --- a/docs/index.md +++ b/docs/index.md @@ -29,7 +29,7 @@ We present various demos and textual adversarial prompts on this page. For full ## How to Reproduce !!! warning "Expected Behavior" - After we disclosed this vunerability to Mistral AI in September 2024, they decided to disable image markdown rendering features. Now you will not see the same behavior in the video demo but an image placeholder as in the conversation window. Find more details in the [Disclosure section](#ethics-and-disclosure). The ChatGLM team has not responded or addressed such issue. You should be able to reproduce the exact bahavior there. + After we disclosed this vunerability to Mistral AI in September 2024, they decided to disable image markdown rendering features. Now you will not see the same behavior in the video demo but an image placeholder as in the conversation window. Find more details in the [Disclosure section](#ethics-and-disclosure). The ChatGLM security team has not responded or addressed such issue. You should be able to reproduce the exact bahavior there. ### Scenario 1 
@@ -207,7 +207,9 @@ Another attack target, which is not shown above but discussed in the paper, is c ## Ethics and Disclosure -We initiated disclosure to Mistral and ChatGLM team on Sep 9, 2024, and Sep 18, 2024, respectively. Mistral team members responded promptly and acknowledged the vulnerability as a **medium-severity issue**. They fixed the data exfiltration by disabling markdown rendering of external images on Sep 13, 2024. We confirmed that the fix works. ChatGLM team has not responded to us despite multiple attempts through various channels (repeated emails to multiple addresses, service contact form and GitHub issues). +We initiated disclosure to Mistral and ChatGLM team on Sep 9, 2024, and Sep 18, 2024, respectively. Mistral team members responded promptly and acknowledged the vulnerability as a **medium-severity issue**. They fixed the data exfiltration by disabling markdown rendering of external images on Sep 13, 2024. We confirmed that the fix works. ChatGLM security team has not responded to us despite multiple attempts through various channels. ## Citation + +Hang tight for our arxiv page! \ No newline at end of file diff --git a/docs/overrides/main.html b/docs/overrides/main.html index 85845d3..32acdbc 100644 --- a/docs/overrides/main.html +++ b/docs/overrides/main.html @@ -3,17 +3,17 @@ {% block content %}

- Imprompter: Tricking Language Model Agents into Improper Tool Use + Imprompter: Tricking LLM Agents into Improper Tool Use

-

+

Xiaohan Fu1, Shuheng Li1, - Zihan Wang1, + Zihan Wang1, Yihao Liu2, - Rajesh Gupta1, - Taylor Berg-Kirkpatrick1, - Earlence Fernandes1 -

+ Rajesh Gupta1, + Taylor Berg-Kirkpatrick1, + Earlence Fernandes1 +

1University of California, San Diego, @@ -21,7 +21,7 @@

- +
{% include ".icons/fontawesome/regular/file-pdf.svg" %}
diff --git a/docs/paper.pdf b/docs/paper.pdf new file mode 100644 index 0000000..8351c4f Binary files /dev/null and b/docs/paper.pdf differ
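Review bot: the rewritten warning line in docs/index.md (@@ -29) keeps the typos "vunerability" and "bahavior" on both the removed and the added line; since the line is being touched anyway, correct them to "vulnerability" and "behavior", and change "has not responded or addressed such issue" to "has not responded or addressed this issue".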
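Review bot: the disclosure paragraph in docs/index.md (@@ -207) drops the concrete list of contact channels ("repeated emails to multiple addresses, service contact form and GitHub issues") from the ChatGLM sentence; that list is what lets a reader judge how thorough the disclosure attempt was, so keep it alongside the new "security team" wording. The same hunk leaves "Hang tight for our arxiv page!" as the only text under "## Citation" and the file without a trailing newline ("\ No newline at end of file"); add the newline, write "arXiv", and replace the placeholder with a BibTeX entry once the preprint is up.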
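Review bot: README.md is added as an empty file (the new blob e69de29 is the empty blob); an empty README gives repository visitors nothing, so either fill it with the project title and a pointer to the docs site, or leave it out of this change.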
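Review bot: the heading in docs/overrides/main.html (@@ -3) is shortened from "Language Model Agents" to "LLM Agents" while the paper title appears in full as "Imprompter: Tricking Language Model Agents into Improper Tool Use"; if the paper title is unchanged, the site heading should keep the full title so it matches the paper and any citation, otherwise the shortened form should be applied consistently. The author lines in the same hunk are removed and re-added with identical visible text, so the actual change there (markup attributes that this view does not show) should be stated in the commit description.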
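Review bot: docs/paper.pdf is committed as a binary ("index 0000000..8351c4f", "Binary files /dev/null and b/docs/paper.pdf differ"); every future revision of the paper committed this way stays in the repository history permanently, so consider hosting the PDF outside the repository (or via Git LFS) and linking to that URL from the site, or at least document how the file is meant to be updated.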