The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective

Zixuan Xia; Haifeng Sun; Jingyu Wang; Qi Qi; Huazheng Wang; Xiaoyuan Fu; Jianxin Liao

doi:10.18653/v1/2025.findings-acl.675

The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective

Zixuan Xia, Haifeng Sun, Jingyu Wang, Qi Qi, Huazheng Wang, Xiaoyuan Fu, Jianxin Liao

Correct Metadata for

Important: The Anthology treat PDFs as authoritative. Please use this form only to correct data that is out of line with the PDF. See our corrections guidelines if you need to change the PDF.

Title Adjust the title. Retain tags such as <fixed-case>.

Authors Adjust author names and order to match the PDF.

Abstract Correct abstract if needed. Retain XML formatting tags such as <tex-math>.

Verification against PDF Ensure that the new title/authors match the snapshot below. (If there is no snapshot or it is too small, consult the PDF.)

Authors concatenated from the text boxes above:

ALL author names match the snapshot above—including middle initials, hyphens, and accents.

Abstract

Prompts, especially high-quality ones, play an invaluable role in assisting large language models (LLMs) to accomplish various natural language processing tasks. However, carefully crafted prompts can also manipulate model behavior. Therefore, the security risks that “prompts themselves face” and those “arising from harmful prompts” cannot be overlooked and we define the Prompt Threat (PT) issues. In this paper, we review the latest attack methods related to prompt threats, focusing on prompt leakage attacks and prompt jailbreak attacks. Additionally, we summarize the experimental setups of these methods and explore the relationship between prompt threats and prompt injection attacks.

Anthology ID:: 2025.findings-acl.675
Volume:: Findings of the Association for Computational Linguistics: ACL 2025
Month:: July
Year:: 2025
Address:: Vienna, Austria
Editors:: Wanxiang Che, Joyce Nabende, Ekaterina Shutova, Mohammad Taher Pilehvar
Venue:: Findings
SIG:
Publisher:: Association for Computational Linguistics
Note:
Pages:: 12994–13035
Language:
URL:: https://aclanthology.org/2025.findings-acl.675/
DOI:: 10.18653/v1/2025.findings-acl.675
Bibkey:
Cite (ACL):: Zixuan Xia, Haifeng Sun, Jingyu Wang, Qi Qi, Huazheng Wang, Xiaoyuan Fu, and Jianxin Liao. 2025. The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective. In Findings of the Association for Computational Linguistics: ACL 2025, pages 12994–13035, Vienna, Austria. Association for Computational Linguistics.
Cite (Informal):: The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective (Xia et al., Findings 2025)
Copy Citation:
PDF:: https://aclanthology.org/2025.findings-acl.675.pdf

PDF Cite Search Fix data

Export citation

BibTeX
MODS XML
Endnote
Preformatted

@inproceedings{xia-etal-2025-threat,
    title = "The Threat of {PROMPTS} in Large Language Models: A System and User Prompt Perspective",
    author = "Xia, Zixuan  and
      Sun, Haifeng  and
      Wang, Jingyu  and
      Qi, Qi  and
      Wang, Huazheng  and
      Fu, Xiaoyuan  and
      Liao, Jianxin",
    editor = "Che, Wanxiang  and
      Nabende, Joyce  and
      Shutova, Ekaterina  and
      Pilehvar, Mohammad Taher",
    booktitle = "Findings of the Association for Computational Linguistics: ACL 2025",
    month = jul,
    year = "2025",
    address = "Vienna, Austria",
    publisher = "Association for Computational Linguistics",
    url = "https://aclanthology.org/2025.findings-acl.675/",
    doi = "10.18653/v1/2025.findings-acl.675",
    pages = "12994--13035",
    ISBN = "979-8-89176-256-5",
    abstract = "Prompts, especially high-quality ones, play an invaluable role in assisting large language models (LLMs) to accomplish various natural language processing tasks. However, carefully crafted prompts can also manipulate model behavior. Therefore, the security risks that ``prompts themselves face'' and those ``arising from harmful prompts'' cannot be overlooked and we define the Prompt Threat (PT) issues. In this paper, we review the latest attack methods related to prompt threats, focusing on prompt leakage attacks and prompt jailbreak attacks. Additionally, we summarize the experimental setups of these methods and explore the relationship between prompt threats and prompt injection attacks."
}

Download as File

<?xml version="1.0" encoding="UTF-8"?>
<modsCollection xmlns="http://www.loc.gov/mods/v3">
<mods ID="xia-etal-2025-threat">
    <titleInfo>
        <title>The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective</title>
    </titleInfo>
    <name type="personal">
        <namePart type="given">Zixuan</namePart>
        <namePart type="family">Xia</namePart>
        <role>
            <roleTerm authority="marcrelator" type="text">author</roleTerm>
        </role>
    </name>
    <name type="personal">
        <namePart type="given">Haifeng</namePart>
        <namePart type="family">Sun</namePart>
        <role>
            <roleTerm authority="marcrelator" type="text">author</roleTerm>
        </role>
    </name>
    <name type="personal">
        <namePart type="given">Jingyu</namePart>
        <namePart type="family">Wang</namePart>
        <role>
            <roleTerm authority="marcrelator" type="text">author</roleTerm>
        </role>
    </name>
    <name type="personal">
        <namePart type="given">Qi</namePart>
        <namePart type="family">Qi</namePart>
        <role>
            <roleTerm authority="marcrelator" type="text">author</roleTerm>
        </role>
    </name>
    <name type="personal">
        <namePart type="given">Huazheng</namePart>
        <namePart type="family">Wang</namePart>
        <role>
            <roleTerm authority="marcrelator" type="text">author</roleTerm>
        </role>
    </name>
    <name type="personal">
        <namePart type="given">Xiaoyuan</namePart>
        <namePart type="family">Fu</namePart>
        <role>
            <roleTerm authority="marcrelator" type="text">author</roleTerm>
        </role>
    </name>
    <name type="personal">
        <namePart type="given">Jianxin</namePart>
        <namePart type="family">Liao</namePart>
        <role>
            <roleTerm authority="marcrelator" type="text">author</roleTerm>
        </role>
    </name>
    <originInfo>
        <dateIssued>2025-07</dateIssued>
    </originInfo>
    <typeOfResource>text</typeOfResource>
    <relatedItem type="host">
        <titleInfo>
            <title>Findings of the Association for Computational Linguistics: ACL 2025</title>
        </titleInfo>
        <name type="personal">
            <namePart type="given">Wanxiang</namePart>
            <namePart type="family">Che</namePart>
            <role>
                <roleTerm authority="marcrelator" type="text">editor</roleTerm>
            </role>
        </name>
        <name type="personal">
            <namePart type="given">Joyce</namePart>
            <namePart type="family">Nabende</namePart>
            <role>
                <roleTerm authority="marcrelator" type="text">editor</roleTerm>
            </role>
        </name>
        <name type="personal">
            <namePart type="given">Ekaterina</namePart>
            <namePart type="family">Shutova</namePart>
            <role>
                <roleTerm authority="marcrelator" type="text">editor</roleTerm>
            </role>
        </name>
        <name type="personal">
            <namePart type="given">Mohammad</namePart>
            <namePart type="given">Taher</namePart>
            <namePart type="family">Pilehvar</namePart>
            <role>
                <roleTerm authority="marcrelator" type="text">editor</roleTerm>
            </role>
        </name>
        <originInfo>
            <publisher>Association for Computational Linguistics</publisher>
            <place>
                <placeTerm type="text">Vienna, Austria</placeTerm>
            </place>
        </originInfo>
        <genre authority="marcgt">conference publication</genre>
        <identifier type="isbn">979-8-89176-256-5</identifier>
    </relatedItem>
    <abstract>Prompts, especially high-quality ones, play an invaluable role in assisting large language models (LLMs) to accomplish various natural language processing tasks. However, carefully crafted prompts can also manipulate model behavior. Therefore, the security risks that “prompts themselves face” and those “arising from harmful prompts” cannot be overlooked and we define the Prompt Threat (PT) issues. In this paper, we review the latest attack methods related to prompt threats, focusing on prompt leakage attacks and prompt jailbreak attacks. Additionally, we summarize the experimental setups of these methods and explore the relationship between prompt threats and prompt injection attacks.</abstract>
    <identifier type="citekey">xia-etal-2025-threat</identifier>
    <identifier type="doi">10.18653/v1/2025.findings-acl.675</identifier>
    <location>
        <url>https://aclanthology.org/2025.findings-acl.675/</url>
    </location>
    <part>
        <date>2025-07</date>
        <extent unit="page">
            <start>12994</start>
            <end>13035</end>
        </extent>
    </part>
</mods>
</modsCollection>

Download as File

%0 Conference Proceedings
%T The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective
%A Xia, Zixuan
%A Sun, Haifeng
%A Wang, Jingyu
%A Qi, Qi
%A Wang, Huazheng
%A Fu, Xiaoyuan
%A Liao, Jianxin
%Y Che, Wanxiang
%Y Nabende, Joyce
%Y Shutova, Ekaterina
%Y Pilehvar, Mohammad Taher
%S Findings of the Association for Computational Linguistics: ACL 2025
%D 2025
%8 July
%I Association for Computational Linguistics
%C Vienna, Austria
%@ 979-8-89176-256-5
%F xia-etal-2025-threat
%X Prompts, especially high-quality ones, play an invaluable role in assisting large language models (LLMs) to accomplish various natural language processing tasks. However, carefully crafted prompts can also manipulate model behavior. Therefore, the security risks that “prompts themselves face” and those “arising from harmful prompts” cannot be overlooked and we define the Prompt Threat (PT) issues. In this paper, we review the latest attack methods related to prompt threats, focusing on prompt leakage attacks and prompt jailbreak attacks. Additionally, we summarize the experimental setups of these methods and explore the relationship between prompt threats and prompt injection attacks.
%R 10.18653/v1/2025.findings-acl.675
%U https://aclanthology.org/2025.findings-acl.675/
%U https://doi.org/10.18653/v1/2025.findings-acl.675
%P 12994-13035

Download as File

Markdown (Informal)

[The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective](https://aclanthology.org/2025.findings-acl.675/) (Xia et al., Findings 2025)

The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective (Xia et al., Findings 2025)

ACL

Zixuan Xia, Haifeng Sun, Jingyu Wang, Qi Qi, Huazheng Wang, Xiaoyuan Fu, and Jianxin Liao. 2025. The Threat of PROMPTS in Large Language Models: A System and User Prompt Perspective. In Findings of the Association for Computational Linguistics: ACL 2025, pages 12994–13035, Vienna, Austria. Association for Computational Linguistics.