A University of Maryland student launched HackAPrompt, one of the first local artificial intelligence prompt hacking competitions.
HackAPrompt, which is hosted virtually, challenges participants to outsmart large language models like ChatGPT by tricking the AIs into saying certain phrases. Over the almost three-week-long competition, participants navigate through 10 increasingly difficult prompt defenses for a chance to win a share of $37,500 in prizes.
The competition is tailored to beginners and is meant to inform the general public about AI. The competition’s results will be compiled in a large open source dataset, which researchers can use to better understand how humans can trick AI and adapt to these hacks.
Prompting is the process of telling an AI to do a task. As AI prompting has grown more popular, it has exposed security flaws in the technology. In prompt hacking, users attempt to force large language models into giving answers their designers didn’t intend.
By collecting data about how people hack prompts, the competition will help researchers figure out how to protect AI systems from similar hacks. While general bugs and hacks in software applications aren’t new, hacks against AI systems are much more challenging to detect and remedy.
Sander Schulhoff, a junior computer science major, created the competition after seeing issues caused by prompt hacking incidents on Twitter. He also created LearnPrompting, a course website to help people learn more about prompt engineering.
Schulhoff realized data generated from the competition could be highly valuable because of the future security vulnerability risks it poses, he said.
Aayush Gupta, a freshman computer science major, is a prompt engineering beginner who enjoyed participating in the inaugural competition.
“It’s really fun to try and mess around with the prompts and the AI to see what you can get it to say,” Gupta said. “I think it’s a really cool concept and it’s gamified.”
Anaum Khan, a junior computer science major, collaborated with Schulhoff to launch HackAPrompt. She ran the hosting and organizing side of the competition.
“I love hackathons,” Khan said. “I love hosting competitions, organizing it, everything about it, but I knew that was something that [Schulhoff] wasn’t as familiar with.”
Schulhoff was planning on running the competition himself, but Khan convinced him to start building a team, she said. The two met at Startup Shell, the student-run startup incubator and co-working space at this university.
Both Khan and Schulhoff hope to help regular people utilize and understand AI so they can use it to better their lives and careers. Now is the ideal time to teach people how to use these new technologies because they are being released at a rapid rate, Khan said.
The more people who are educated in AI, Khan explained, the more advocacy there will be for safer models that fight against prompt hacking.
OpenAI — the creators of ChatGPT — sponsored HackAPrompt.
“They reached out and engaged with this,” Schulhoff said. “It’s validating and it shows that all of this work really is useful.”
John Dickerson, a professor in this university’s computer science department, was an advisor to the competition and thinks it is important to get people to think about problems in large language models.
“We like to support junior engineers who are pushing the envelope and addressing issues that are core to the deployment of [large language models] right now,” Dickerson said.
AI technology will someday revolutionize how people around the world work, Schulhoff said. At some point, he thinks that it will be expected that everyone learns how to use it.
“There’s so much that can be improved efficiency-wise to the point where in 20 years if you don’t know how to talk to AI it will be more difficult to have a job,” Schulhoff said. “It can take a lot of mental load off people and make them more efficient.”