FlagThis

Abstract

This session demonstrates the mechanics of prompt injection attacks against Large Language Models (LLMs) and their role as new entry points into corporate infrastructures. The speaker explains how the non-deterministic nature of AI allows attackers to bypass system prompts and safety filters to leak sensitive data or gain unauthorized access to backend databases. Key takeaways include a progression of attack techniques—from indirect framing to complex encoding—and the critical risk of "excessive agency" when AI is integrated with internal servers.