Summary and comparison of results - cshunor02/sponge-attack GitHub Wiki

This page assesses and summarizes our team's findings and results.

We were able to:

  • exhaust the virtual environment;
  • cause a Denial of Service (DoS);
  • push CPU usage to its peak;
  • slow down the response time;
  • slow down the response time for other active users;
  • "kill" the model.

We were able to make the model:

  • enter an infinite cycle;
  • give a wrong answer;
  • become confused;
  • hallucinate;
  • change its mind;
  • answer with an error code.

Comparison of results

CPU

The CPU usage of the virtual environment ranged between 0 and 10% when the LLMs were used normally, for plain chatting.

With our attacks, this went up to 97%.

The maximum CPU usage was reached with Hunor's attack.

The other attacks ranged between 40 and 80%.