Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization

Yihao Huang; Chong Wang; Xiaojun Jia; Qing Guo; Felix Juefei-Xu; Jian Zhang; Yang Liu; Geguang Pu

Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization

Yihao Huang
, Chong Wang
, Xiaojun Jia^*
, Qing Guo
, Felix Juefei-Xu
, Jian Zhang
, Yang Liu
, Geguang Pu

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Universal goal hijacking is a kind of prompt injection attack that forces LLMs to return a target malicious response for arbitrary normal user prompts. The previous methods achieve high attack performance while being too cumbersome and time-consuming. Also, they have concentrated solely on optimization algorithms, overlooking the crucial role of the prompt. To this end, we propose a method called POUGH that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies. Specifically, our method starts with a sampling strategy to select representative prompts from a candidate pool, followed by a ranking strategy that prioritizes them. Given the sequentially ranked prompts, our method employs an iterative optimization algorithm to generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. Experiments conducted on four popular LLMs and ten types of target responses verified the effectiveness. Warning: This paper contains model outputs that are offensive in nature.

Original language	English
Title of host publication	Long Papers
Editors	Wanxiang Che, Joyce Nabende, Ekaterina Shutova, Mohammad Taher Pilehvar
Publisher	Association for Computational Linguistics (ACL)
Pages	5796-5816
Number of pages	21
ISBN (Electronic)	9798891762510
State	Published - 2025
Event	63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 - Vienna, Austria Duration: 27 Jul 2025 → 1 Aug 2025

Publication series

Name	Proceedings of the Annual Meeting of the Association for Computational Linguistics
Volume	1
ISSN (Print)	0736-587X

Conference

Conference	63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025
Country/Territory	Austria
City	Vienna
Period	27/07/25 → 1/08/25

Cite this

Huang, Y., Wang, C., Jia, X., Guo, Q., Juefei-Xu, F., Zhang, J., Liu, Y., & Pu, G. (2025). Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. In W. Che, J. Nabende, E. Shutova, & M. T. Pilehvar (Eds.), Long Papers (pp. 5796-5816). (Proceedings of the Annual Meeting of the Association for Computational Linguistics; Vol. 1). Association for Computational Linguistics (ACL).

Huang, Yihao ; Wang, Chong ; Jia, Xiaojun et al. / Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. Long Papers. editor / Wanxiang Che ; Joyce Nabende ; Ekaterina Shutova ; Mohammad Taher Pilehvar. Association for Computational Linguistics (ACL), 2025. pp. 5796-5816 (Proceedings of the Annual Meeting of the Association for Computational Linguistics).

@inproceedings{b7e1df7723774ef19fac9af9274c4294,

title = "Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization",

abstract = "Universal goal hijacking is a kind of prompt injection attack that forces LLMs to return a target malicious response for arbitrary normal user prompts. The previous methods achieve high attack performance while being too cumbersome and time-consuming. Also, they have concentrated solely on optimization algorithms, overlooking the crucial role of the prompt. To this end, we propose a method called POUGH that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies. Specifically, our method starts with a sampling strategy to select representative prompts from a candidate pool, followed by a ranking strategy that prioritizes them. Given the sequentially ranked prompts, our method employs an iterative optimization algorithm to generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. Experiments conducted on four popular LLMs and ten types of target responses verified the effectiveness. Warning: This paper contains model outputs that are offensive in nature.",

author = "Yihao Huang and Chong Wang and Xiaojun Jia and Qing Guo and Felix Juefei-Xu and Jian Zhang and Yang Liu and Geguang Pu",

note = "Publisher Copyright: {\textcopyright} 2025 Association for Computational Linguistics.; 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 ; Conference date: 27-07-2025 Through 01-08-2025",

year = "2025",

language = "英语",

series = "Proceedings of the Annual Meeting of the Association for Computational Linguistics",

publisher = "Association for Computational Linguistics (ACL)",

pages = "5796--5816",

editor = "Wanxiang Che and Joyce Nabende and Ekaterina Shutova and Pilehvar, \{Mohammad Taher\}",

booktitle = "Long Papers",

address = "澳大利亚",

}

Huang, Y, Wang, C, Jia, X, Guo, Q, Juefei-Xu, F, Zhang, J, Liu, Y & Pu, G 2025, Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. in W Che, J Nabende, E Shutova & MT Pilehvar (eds), Long Papers. Proceedings of the Annual Meeting of the Association for Computational Linguistics, vol. 1, Association for Computational Linguistics (ACL), pp. 5796-5816, 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025, Vienna, Austria, 27/07/25.

Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. / Huang, Yihao; Wang, Chong; Jia, Xiaojun et al.
Long Papers. ed. / Wanxiang Che; Joyce Nabende; Ekaterina Shutova; Mohammad Taher Pilehvar. Association for Computational Linguistics (ACL), 2025. p. 5796-5816 (Proceedings of the Annual Meeting of the Association for Computational Linguistics; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization

AU - Huang, Yihao

AU - Wang, Chong

AU - Jia, Xiaojun

AU - Guo, Qing

AU - Juefei-Xu, Felix

AU - Zhang, Jian

AU - Liu, Yang

AU - Pu, Geguang

PY - 2025

Y1 - 2025

N2 - Universal goal hijacking is a kind of prompt injection attack that forces LLMs to return a target malicious response for arbitrary normal user prompts. The previous methods achieve high attack performance while being too cumbersome and time-consuming. Also, they have concentrated solely on optimization algorithms, overlooking the crucial role of the prompt. To this end, we propose a method called POUGH that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies. Specifically, our method starts with a sampling strategy to select representative prompts from a candidate pool, followed by a ranking strategy that prioritizes them. Given the sequentially ranked prompts, our method employs an iterative optimization algorithm to generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. Experiments conducted on four popular LLMs and ten types of target responses verified the effectiveness. Warning: This paper contains model outputs that are offensive in nature.

AB - Universal goal hijacking is a kind of prompt injection attack that forces LLMs to return a target malicious response for arbitrary normal user prompts. The previous methods achieve high attack performance while being too cumbersome and time-consuming. Also, they have concentrated solely on optimization algorithms, overlooking the crucial role of the prompt. To this end, we propose a method called POUGH that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies. Specifically, our method starts with a sampling strategy to select representative prompts from a candidate pool, followed by a ranking strategy that prioritizes them. Given the sequentially ranked prompts, our method employs an iterative optimization algorithm to generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. Experiments conducted on four popular LLMs and ten types of target responses verified the effectiveness. Warning: This paper contains model outputs that are offensive in nature.

UR - https://www.scopus.com/pages/publications/105021053870

M3 - 会议稿件

AN - SCOPUS:105021053870

T3 - Proceedings of the Annual Meeting of the Association for Computational Linguistics

SP - 5796

EP - 5816

BT - Long Papers

A2 - Che, Wanxiang

A2 - Nabende, Joyce

A2 - Shutova, Ekaterina

A2 - Pilehvar, Mohammad Taher

PB - Association for Computational Linguistics (ACL)

T2 - 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025

Y2 - 27 July 2025 through 1 August 2025

ER -

Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this