Evaluating using Mock Tool Calls to Quarantine Untrusted Prompt Inputs 文章

ArXiv CS.CL2026-06-01NEWSen作者: David Gros, Adam Gleave

详细信息

来源站点
ArXiv CS.CL
作者
David Gros, Adam Gleave
文章类型
NEWS
语言
en
发布日期
2026-06-01

摘要

arXiv:2605.30521v1 Announce Type: new Abstract: Large language models must frequently process untrusted inputs, such as judging an answer from another model or running tasks like spam and harm classifiers while under adversarial pressure. These inputs are often string-formatted directly into a prompt template, leaving systems fragile to manipulation. Current LLM specs from major providers like OpenAI distinguish trustworthiness along an Instruction Hierarchy, from System messages (most trusted) to Tool Results (least trusted). A possible natural mitigation is to wrap untrusted content in a mock tool call as a quarantine. We explore this hypothesis with an automated redteaming search over static attack strings across seven models and three LLM-as-a-Judge tasks. Counter to our hypothesis, tool-wrapping does not broadly improve robustness. On a binary evaluation task (GSM8K grading) it typically increases attack success rates, an apparent inversion of the instruction hierarchy.

相关事件

暂无数据

相关公司

暂无数据

相关人物

暂无数据