The Promptware Kill Chain
The paper introduces the "Promptware Kill Chain," a framework analyzing security vulnerabilities in LLM-based applications that use prompt engineering. It identifies threats across the full lifecycle—from development to deployment—including prompt injection, jailbreaking, and data leakage, proposing a taxonomy to understand and mitigate these risks.
Background
- "Promptware" refers to software built on top of LLMs by chaining prompts together, as opposed to traditional code (hardware/software/firmware). The term was coined in a 2023 paper by the same authors.
- "Promptware Kill Chain" adapts the cybersecurity concept of a "kill chain" (used to describe stages of a cyberattack) to analyze how attacks on promptware systems unfold: from initial manipulation of an LLM to eventual damage on connected systems.
- The paper categorizes attacks like prompt injection, jailbreaking, and adversarial inputs into a structured framework — the kill chain — showing how a single malicious prompt can cascade through multiple stages to compromise data, APIs, or external services.
- This matters because promptware is increasingly used in production (chatbots, code assistants, automated agents), but unlike traditional software, its "execution" depends on unpredictable natural language, making it vulnerable to novel attack surfaces not covered by existing security models.