{"id":"https://openalex.org/W4416549537","doi":"https://doi.org/10.1145/3719027.3765124","title":"You Can't Steal Nothing: Mitigating Prompt Leakages in LLMs via System Vectors","display_name":"You Can't Steal Nothing: Mitigating Prompt Leakages in LLMs via System Vectors","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549537","doi":"https://doi.org/10.1145/3719027.3765124"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765124","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765124","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030879739","display_name":"Bochuan Cao","orcid":"https://orcid.org/0009-0007-1973-8186"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Bochuan Cao","raw_affiliation_strings":["The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101504674","display_name":"Changjiang Li","orcid":"https://orcid.org/0000-0002-1671-7183"},"institutions":[{"id":"https://openalex.org/I4210108451","display_name":"Palo Alto Networks (United States)","ror":"https://ror.org/01rn6rn86","country_code":"US","type":"company","lineage":["https://openalex.org/I4210108451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Changjiang Li","raw_affiliation_strings":["Palo Alto Networks, Santa Clara, USA"],"affiliations":[{"raw_affiliation_string":"Palo Alto Networks, Santa Clara, USA","institution_ids":["https://openalex.org/I4210108451"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113307595","display_name":"Yuanpu Cao","orcid":"https://orcid.org/0009-0004-1993-912X"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yuanpu Cao","raw_affiliation_strings":["The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009358935","display_name":"Yameng Ge","orcid":"https://orcid.org/0009-0006-0730-210X"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yameng Ge","raw_affiliation_strings":["The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100428026","display_name":"Ting Wang","orcid":"https://orcid.org/0000-0003-4927-5833"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ting Wang","raw_affiliation_strings":["Stony Brook University, Stony Brook, USA"],"affiliations":[{"raw_affiliation_string":"Stony Brook University, Stony Brook, USA","institution_ids":["https://openalex.org/I59553526"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006335513","display_name":"Jinghui Chen","orcid":"https://orcid.org/0000-0002-1486-4526"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jinghui Chen","raw_affiliation_strings":["The Pennsylvania State University, State College, USA"],"affiliations":[{"raw_affiliation_string":"The Pennsylvania State University, State College, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5030879739"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.18915303,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"4423","last_page":"4437"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.3041999936103821,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.3041999936103821,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.1266999989748001,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.12030000239610672,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/forgetting","display_name":"Forgetting","score":0.5410000085830688},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5098000168800354},{"id":"https://openalex.org/keywords/leakage","display_name":"Leakage (economics)","score":0.46140000224113464},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.38119998574256897},{"id":"https://openalex.org/keywords/class","display_name":"Class (philosophy)","score":0.3086000084877014}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6746000051498413},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6273000240325928},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5741000175476074},{"id":"https://openalex.org/C7149132","wikidata":"https://www.wikidata.org/wiki/Q1377840","display_name":"Forgetting","level":2,"score":0.5410000085830688},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5098000168800354},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.46140000224113464},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.38119998574256897},{"id":"https://openalex.org/C2777212361","wikidata":"https://www.wikidata.org/wiki/Q5127848","display_name":"Class (philosophy)","level":2,"score":0.3086000084877014},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.2750000059604645},{"id":"https://openalex.org/C2776544517","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Unexpected events","level":2,"score":0.24480000138282776}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3765124","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765124","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3445849207","display_name":null,"funder_award_id":"2405136,2406572","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":2,"referenced_works":["https://openalex.org/W4405181744","https://openalex.org/W4405183113"],"related_works":[],"abstract_inverted_index":{"Large":[0],"language":[1,154],"models":[2,88],"(LLMs)":[3],"have":[4,26],"been":[5],"widely":[6],"adopted":[7],"across":[8],"various":[9,81],"applications,":[10],"leveraging":[11],"customized":[12],"system":[13,20,78,113,129],"prompts":[14,79,130],"for":[15,103],"diverse":[16],"tasks.":[17],"Facing":[18],"potential":[19],"prompt":[21,65,114,178],"leakage":[22,179],"risks,":[23],"model":[24],"developers":[25],"implemented":[27],"strategies":[28],"to":[29,49,68,101,107],"prevent":[30],"leakage,":[31],"primarily":[32],"by":[33,110],"disabling":[34],"LLMs":[35],"from":[36,80,85],"repeating":[37],"their":[38],"context":[39],"when":[40],"encountering":[41],"known":[42],"attack":[43,67,73],"patterns.":[44],"However,":[45],"it":[46],"remains":[47],"vulnerable":[48],"new":[50],"and":[51,186],"unforeseen":[52],"prompt-leaking":[53],"techniques.":[54],"In":[55],"this":[56,119,157],"paper,":[57],"we":[58,121],"first":[59],"introduce":[60],"a":[61,104,124],"simple":[62],"yet":[63],"effective":[64],"leaking":[66],"reveal":[69],"such":[70,89],"risks.":[71],"Our":[72,96],"is":[74],"capable":[75],"of":[76,146],"extracting":[77],"LLM-based":[82],"application,":[83],"even":[84],"SOTA":[86],"LLM":[87],"as":[90,131],"GPT-4o":[91],"or":[92],"Claude":[93],"3.5":[94],"Sonnet.":[95],"findings":[97],"further":[98],"inspire":[99],"us":[100],"search":[102],"fundamental":[105],"solution":[106],"the":[108,116,144,151,166,182,189],"problems":[109],"having":[111],"no":[112],"in":[115,192],"context.":[117],"To":[118],"end,":[120],"propose":[122],"SysVec,":[123],"novel":[125],"method":[126],"that":[127,174],"encodes":[128],"internal":[132],"representation":[133],"vectors":[134],"rather":[135],"than":[136],"raw":[137],"text.":[138],"By":[139],"doing":[140],"so,":[141],"SysVec":[142,175],"minimizes":[143],"risk":[145],"unauthorized":[147],"disclosure":[148],"while":[149],"preserving":[150],"LLM's":[152,183],"core":[153],"capabilities.":[155],"Remarkably,":[156],"approach":[158],"not":[159],"only":[160],"enhances":[161],"security":[162],"but":[163],"also":[164],"improves":[165],"model's":[167],"general":[168],"instruction-following":[169],"abilities.":[170],"Experimental":[171],"results":[172],"demonstrate":[173],"effectively":[176],"mitigates":[177],"attacks,":[180],"preserves":[181],"functional":[184],"integrity,":[185],"helps":[187],"alleviate":[188],"forgetting":[190],"issue":[191],"long-context":[193],"scenarios.":[194]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-11-23T00:00:00"}