Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization

Yihao Huang; Chong Wang; Xiaojun Jia; Qing Guo; Felix Juefei-Xu; Jian Zhang; Yang Liu; Geguang Pu

doi:10.18653/v1/2025.acl-long.290

Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization

Yihao Huang
, Chong Wang
, Xiaojun Jia^*
, Qing Guo
, Felix Juefei-Xu
, Jian Zhang
, Yang Liu
, Geguang Pu

^*此作品的通讯作者

软件工程学院

Nanyang Technological University
CFAR
New York University

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

1 引用（Scopus）

摘要

Universal goal hijacking is a kind of prompt injection attack that forces LLMs to return a target malicious response for arbitrary normal user prompts. The previous methods achieve high attack performance while being too cumbersome and time-consuming. Also, they have concentrated solely on optimization algorithms, overlooking the crucial role of the prompt. To this end, we propose a method called POUGH that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies. Specifically, our method starts with a sampling strategy to select representative prompts from a candidate pool, followed by a ranking strategy that prioritizes them. Given the sequentially ranked prompts, our method employs an iterative optimization algorithm to generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. Experiments conducted on four popular LLMs and ten types of target responses verified the effectiveness. Warning: This paper contains model outputs that are offensive in nature.

源语言	英语
主期刊名	Long Papers
编辑	Wanxiang Che, Joyce Nabende, Ekaterina Shutova, Mohammad Taher Pilehvar
出版商	Association for Computational Linguistics (ACL)
页	5796-5816
页数	21
ISBN（电子版）	9798891762510
DOI	https://doi.org/10.18653/v1/2025.acl-long.290
出版状态	已出版 - 2025
活动	63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 - Vienna, 奥地利期限: 27 7月 2025 → 1 8月 2025

出版系列

姓名	Proceedings of the Annual Meeting of the Association for Computational Linguistics
卷	1
ISSN（印刷版）	0736-587X

会议

会议	63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025
国家/地区	奥地利
市	Vienna
时期	27/07/25 → 1/08/25

访问文件

10.18653/v1/2025.acl-long.290

其它文件与链接

链接到 Scopus 的出版物

引用此

Huang, Y., Wang, C., Jia, X., Guo, Q., Juefei-Xu, F., Zhang, J., Liu, Y., & Pu, G. (2025). Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. 在 W. Che, J. Nabende, E. Shutova, & M. T. Pilehvar (编辑), Long Papers (页码 5796-5816). (Proceedings of the Annual Meeting of the Association for Computational Linguistics; 卷 1). Association for Computational Linguistics (ACL). https://doi.org/10.18653/v1/2025.acl-long.290

Huang, Yihao ; Wang, Chong ; Jia, Xiaojun 等. / Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. Long Papers. 编辑 / Wanxiang Che ; Joyce Nabende ; Ekaterina Shutova ; Mohammad Taher Pilehvar. Association for Computational Linguistics (ACL), 2025. 页码 5796-5816 (Proceedings of the Annual Meeting of the Association for Computational Linguistics).

@inproceedings{b7e1df7723774ef19fac9af9274c4294,

title = "Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization",

abstract = "Universal goal hijacking is a kind of prompt injection attack that forces LLMs to return a target malicious response for arbitrary normal user prompts. The previous methods achieve high attack performance while being too cumbersome and time-consuming. Also, they have concentrated solely on optimization algorithms, overlooking the crucial role of the prompt. To this end, we propose a method called POUGH that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies. Specifically, our method starts with a sampling strategy to select representative prompts from a candidate pool, followed by a ranking strategy that prioritizes them. Given the sequentially ranked prompts, our method employs an iterative optimization algorithm to generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. Experiments conducted on four popular LLMs and ten types of target responses verified the effectiveness. Warning: This paper contains model outputs that are offensive in nature.",

author = "Yihao Huang and Chong Wang and Xiaojun Jia and Qing Guo and Felix Juefei-Xu and Jian Zhang and Yang Liu and Geguang Pu",

note = "Publisher Copyright: {\textcopyright} 2025 Association for Computational Linguistics.; 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 ; Conference date: 27-07-2025 Through 01-08-2025",

year = "2025",

doi = "10.18653/v1/2025.acl-long.290",

language = "英语",

series = "Proceedings of the Annual Meeting of the Association for Computational Linguistics",

publisher = "Association for Computational Linguistics (ACL)",

pages = "5796--5816",

editor = "Wanxiang Che and Joyce Nabende and Ekaterina Shutova and Pilehvar, \{Mohammad Taher\}",

booktitle = "Long Papers",

address = "澳大利亚",

}

Huang, Y, Wang, C, Jia, X, Guo, Q, Juefei-Xu, F, Zhang, J, Liu, Y & Pu, G 2025, Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. 在 W Che, J Nabende, E Shutova & MT Pilehvar (编辑), Long Papers. Proceedings of the Annual Meeting of the Association for Computational Linguistics, 卷 1, Association for Computational Linguistics (ACL), 页码 5796-5816, 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025, Vienna, 奥地利, 27/07/25. https://doi.org/10.18653/v1/2025.acl-long.290

Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. / Huang, Yihao; Wang, Chong; Jia, Xiaojun 等.
Long Papers. 编辑 / Wanxiang Che; Joyce Nabende; Ekaterina Shutova; Mohammad Taher Pilehvar. Association for Computational Linguistics (ACL), 2025. 页码 5796-5816 (Proceedings of the Annual Meeting of the Association for Computational Linguistics; 卷 1).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization

AU - Huang, Yihao

AU - Wang, Chong

AU - Jia, Xiaojun

AU - Guo, Qing

AU - Juefei-Xu, Felix

AU - Zhang, Jian

AU - Liu, Yang

AU - Pu, Geguang

PY - 2025

Y1 - 2025

N2 - Universal goal hijacking is a kind of prompt injection attack that forces LLMs to return a target malicious response for arbitrary normal user prompts. The previous methods achieve high attack performance while being too cumbersome and time-consuming. Also, they have concentrated solely on optimization algorithms, overlooking the crucial role of the prompt. To this end, we propose a method called POUGH that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies. Specifically, our method starts with a sampling strategy to select representative prompts from a candidate pool, followed by a ranking strategy that prioritizes them. Given the sequentially ranked prompts, our method employs an iterative optimization algorithm to generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. Experiments conducted on four popular LLMs and ten types of target responses verified the effectiveness. Warning: This paper contains model outputs that are offensive in nature.

AB - Universal goal hijacking is a kind of prompt injection attack that forces LLMs to return a target malicious response for arbitrary normal user prompts. The previous methods achieve high attack performance while being too cumbersome and time-consuming. Also, they have concentrated solely on optimization algorithms, overlooking the crucial role of the prompt. To this end, we propose a method called POUGH that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies. Specifically, our method starts with a sampling strategy to select representative prompts from a candidate pool, followed by a ranking strategy that prioritizes them. Given the sequentially ranked prompts, our method employs an iterative optimization algorithm to generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. Experiments conducted on four popular LLMs and ten types of target responses verified the effectiveness. Warning: This paper contains model outputs that are offensive in nature.

UR - https://www.scopus.com/pages/publications/105021053870

U2 - 10.18653/v1/2025.acl-long.290

DO - 10.18653/v1/2025.acl-long.290

M3 - 会议稿件

AN - SCOPUS:105021053870

T3 - Proceedings of the Annual Meeting of the Association for Computational Linguistics

SP - 5796

EP - 5816

BT - Long Papers

A2 - Che, Wanxiang

A2 - Nabende, Joyce

A2 - Shutova, Ekaterina

A2 - Pilehvar, Mohammad Taher

PB - Association for Computational Linguistics (ACL)

T2 - 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025

Y2 - 27 July 2025 through 1 August 2025

ER -

Huang Y, Wang C, Jia X, Guo Q, Juefei-Xu F, Zhang J 等. Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization. 在 Che W, Nabende J, Shutova E, Pilehvar MT, 编辑, Long Papers. Association for Computational Linguistics (ACL). 2025. 页码 5796-5816. (Proceedings of the Annual Meeting of the Association for Computational Linguistics). doi: 10.18653/v1/2025.acl-long.290

Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此