<2-3 sentences summarising what the project addresses and solves, the target audience, and the benefit.> HouYi is an automated framework for prompt injection attacks against LLM-integrated applications. It enables researchers and security professionals to systematically test and identify vulnerabilities by automatically crafting and injecting malicious prompts, thereby facilitating the discovery of prompt injection flaws.

How It Works

The framework defines "harnesses" to simulate or interact with target LLM applications and "attack intentions" for desired malicious outcomes. HouYi uses GPT models (requiring an OpenAI API key) to iteratively generate and refine injection prompts. It then employs the harness to deliver these prompts, evaluating success based on the application's response to achieve the defined intention.

Quick Start & Requirements

• Installation: Clone the repo and run pip install -r requirements.txt.
• Prerequisites: Python 3.8+ and an OpenAI API key.
• Setup: Copy example.config.json to config.json and insert your OpenAI API key.
• Demo: Execute python main.py for a translator attack demonstration.
• Documentation: Primary reference is the paper "Prompt Injection attack against LLM-integrated Applications" (arXiv:2306.05499).

Highlighted Details

• Automated prompt injection framework for LLM applications.
• Replication package for academic research on prompt injection vulnerabilities.
• Includes a configurable demo and supports custom harness development for real-world LLM applications.
• Allows defining specific attack intentions, such as output manipulation or information extraction.

Maintenance & Community

Primary contributors are Yi Liu and Gelei Deng, with contact emails provided. No community channels (Discord, Slack), public roadmaps, or active development signals beyond the initial release are indicated.

Licensing & Compatibility

The repository's README does not specify a software license. This omission may restrict usage, modification, and distribution, particularly for commercial applications. Users should seek clarification on licensing terms.

Limitations & Caveats

HouYi depends on the OpenAI API, incurring potential costs and external service dependency. As a research artifact, its production readiness may require significant adaptation. Effectiveness is tied to the underlying LLM and the target application's harness implementation.