{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T21:57:03Z","timestamp":1770155823895,"version":"3.49.0"},"publisher-location":"Singapore","reference-count":24,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819564187","type":"print"},{"value":"9789819564194","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-6419-4_9","type":"book-chapter","created":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T08:58:13Z","timestamp":1770109093000},"page":"146-160","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Prompt-in-Content Attacks: Exploiting Uploaded Inputs to\u00a0Hijack LLM Behavior"],"prefix":"10.1007","author":[{"given":"Zhuotao","family":"Lian","sequence":"first","affiliation":[]},{"given":"Weiyu","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Qingkui","family":"Zeng","sequence":"additional","affiliation":[]},{"given":"Toru","family":"Nakanishi","sequence":"additional","affiliation":[]},{"given":"Teruaki","family":"Kitasuka","sequence":"additional","affiliation":[]},{"given":"Chunhua","family":"Su","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,4]]},"reference":[{"issue":"3","key":"9_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3641289","volume":"15","author":"Y Chang","year":"2024","unstructured":"Chang, Y., et al.: A survey on evaluation of large language models. ACM Trans. Intell. Syst. Technol. 15(3), 1\u201345 (2024)","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"9_CR2","unstructured":"Chen, Z.Z., et al.: A survey on large language models for critical societal domains: finance, healthcare, and law. arXiv preprint arXiv:2405.01769 (2024)"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Choi, Y., Azad, F.T.: Improving the text convolution mechanism with large language model for review-based recommendation. In: 2024 IEEE International Conference on Big Data (BigData), pp. 6977\u20136981. IEEE (2024)","DOI":"10.1109\/BigData62323.2024.10825014"},{"issue":"6","key":"9_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3712001","volume":"57","author":"BC Das","year":"2025","unstructured":"Das, B.C., Amini, M.H., Wu, Y.: Security and privacy challenges of large language models: a survey. ACM Comput. Surv. 57(6), 1\u201339 (2025)","journal-title":"ACM Comput. Surv."},{"issue":"1","key":"9_CR5","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1186\/s42400-024-00279-9","volume":"7","author":"J He","year":"2024","unstructured":"He, J., et al.: Evilpromptfuzzer: generating inappropriate content based on text-to-image models. Cybersecurity 7(1), 70 (2024)","journal-title":"Cybersecurity"},{"key":"9_CR6","unstructured":"Hines, K., Lopez, G., Hall, M., Zarfati, F., Zunger, Y., Kiciman, E.: Defending against indirect prompt injection attacks with spotlighting. arXiv preprint arXiv:2403.14720 (2024)"},{"key":"9_CR7","unstructured":"Huang, Y., et\u00a0al.: Advancing transformer architecture in long-context large language models: a comprehensive survey. arXiv preprint arXiv:2311.12351 (2023)"},{"key":"9_CR8","doi-asserted-by":"publisher","first-page":"102274","DOI":"10.1016\/j.lindif.2023.102274","volume":"103","author":"E Kasneci","year":"2023","unstructured":"Kasneci, E., et al.: Chatgpt for good? on opportunities and challenges of large language models for education. Learn. Individ. Differ. 103, 102274 (2023)","journal-title":"Learn. Individ. Differ."},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Kokala, A.: Harnessing ai for bpm: streamlining complex workflows and enhancing efficiency. Authorea Preprints (2024)","DOI":"10.36227\/techrxiv.173532331.17776706\/v1"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Lai, J., Gan, W., Wu, J., Qi, Z., Yu, P.S.: Large language models in law: a survey. AI Open (2024)","DOI":"10.1016\/j.aiopen.2024.09.002"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Lee, Y., et al.: Docvoyager: anticipating user\u2019s information needs and guiding document reading through question answering. In: Proceedings of the Extended Abstracts of the CHI Conference on Human Factors in Computing Systems, pp.\u00a01\u20138 (2025)","DOI":"10.1145\/3706599.3719846"},{"key":"9_CR12","unstructured":"Li, H., Su, J., Chen, Y., Li, Q., Zhang, Z.X.: Sheetcopilot: bringing software productivity to the next level through large language models. In: Advances in Neural Information Processing Systems, vol. 36, pp. 4952\u20134984 (2023)"},{"key":"9_CR13","unstructured":"Liu, X., Yu, Z., Zhang, Y., Zhang, N., Xiao, C.: Automatic and universal prompt injection attacks against large language models. arXiv preprint arXiv:2403.04957 (2024)"},{"key":"9_CR14","unstructured":"Liu, Y., Jia, Y., Geng, R., Jia, J., Gong, N.Z.: Formalizing and benchmarking prompt injection attacks and defenses. In: 33rd USENIX Security Symposium (USENIX Security 24), pp. 1831\u20131847 (2024)"},{"issue":"5","key":"9_CR15","first-page":"39","volume":"12","author":"R Mudarova","year":"2024","unstructured":"Mudarova, R., Namiot, D.: Countering prompt injection attacks on large language models. Int. J. Open Inf. Technol. 12(5), 39\u201348 (2024)","journal-title":"Int. J. Open Inf. Technol."},{"issue":"1","key":"9_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10586-023-04203-7","volume":"27","author":"D Myers","year":"2024","unstructured":"Myers, D., et al.: Foundation and large language models: fundamentals, challenges, opportunities, and social impacts. Clust. Comput. 27(1), 1\u201326 (2024)","journal-title":"Clust. Comput."},{"key":"9_CR17","unstructured":"Ndum, Z., Tao, J., Ford, J., Liu, Y.: Automating input-file based modeling and simulation with large language model agents: an autofluka case study. Available at SSRN 5017385"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Qi, S., Wang, F., Sun, H., Ge, Y., Xiao, B.: Gvdie: a zero-shot generative information extraction method for visual documents based on large language models. In: 2024 Asia Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC), pp.\u00a01\u20136. IEEE (2024)","DOI":"10.1109\/APSIPAASC63619.2025.10848851"},{"key":"9_CR19","unstructured":"Wang, C., et al.: Safeguarding crowdsourcing surveys from chatgpt with prompt injection. arXiv preprint arXiv:2306.08833 (2023)"},{"key":"9_CR20","unstructured":"Wang, J., et al.: Fath: authentication-based test-time defense against indirect prompt injection attacks. arXiv preprint arXiv:2410.21492 (2024)"},{"key":"9_CR21","unstructured":"Wu, F., Zhang, N., Jha, S., McDaniel, P., Xiao, C.: A new era in llm security: exploring security concerns in real-world llm-based systems (2024). https:\/\/arxiv.org\/abs\/2402.18649"},{"key":"9_CR22","unstructured":"Yi, J., et al.: Benchmarking and defending against indirect prompt injection attacks on large language models. arXiv preprint arXiv:2312.14197 (2023)"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Zhang, C., Jin, M., Yu, Q., Liu, C., Xue, H., Jin, X.: Goal-guided generative prompt injection attack on large language models. arXiv preprint arXiv:2404.07234 (2024)","DOI":"10.1109\/ICDM59182.2024.00119"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Zhang, Q., et al.: Imperceptible content poisoning in llm-powered applications. In: Proceedings of the 39th IEEE\/ACM International Conference on Automated Software Engineering, pp. 242\u2013254 (2024)","DOI":"10.1145\/3691620.3695001"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-6419-4_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T08:58:19Z","timestamp":1770109099000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-6419-4_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9789819564187","9789819564194"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-6419-4_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"4 February 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Wuhan","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 December 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nsclab.org\/nss-socialsec2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}