Quiz 12 - AI Safety [12/8]

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

Email *

1. From a security architecture perspective, why do "Agentic AI" systems fundamentally have a larger attack surface than standalone Large Language Models (LLMs)?

1 point

(A) Agents use larger model parameters (e.g., 100B+) which inherently contain more software vulnerabilities than smaller models.

(B) Agents run on decentralized blockchain networks, which exposes them to consensus-level attacks that centralized LLMs do not face.

(C) Agents possess "tools" (ability to execute code/APIs), "memory," and "autonomy," which turns the LLM from a passive text generator into an active system that can execute harmful actions and persist state.

(D) Agents require human-in-the-loop validation for every step, creating a social engineering vector that does not exist in chatbots.

2. What is the fundamental structural vulnerability in current LLM architectures that makes "Prompt Injection" attacks possible?

1 point

(A) The lack of encryption for user data while it is being processed in the GPU memory.

(B) The use of open-source training data, which allows attackers to reverse-engineer the model's exact weights.

(C) The lack of separation between the "control channel" (system instructions) and the "data channel" (user input), causing the model to treat untrusted input as executable commands.

(D) The model's "temperature" setting being too high, which causes it to hallucinate malicious instructions that weren't actually present.

3. In the context of AI Agent security, which of the following scenarios best illustrates an "Indirect Prompt Injection" attack?

1 point

(A) A user types a "jailbreak" script directly into a customer service chatbot to force it to use offensive language.

(B) An attacker uses a gradient-based optimization method to find a suffix that bypasses the model's safety filter.

(C) A developer accidentally hard-codes their API key into the system prompt, which is then leaked during a standard conversation.

(D) An agent processes a webpage or document containing hidden malicious instructions (e.g., in white text), causing the agent to exfiltrate private data without the user explicitly commanding it.

4. How does a "Data Poisoning" or "Backdoor" attack specifically target Retrieval-Augmented Generation (RAG) systems?

1 point

(A) By flooding the retrieval database with millions of junk files to slow down the vector search (Denial of Service).

(B) By using SQL injection to delete the entire knowledge base structure.

(C) By inserting a small number of malicious documents into the knowledge base that are triggered only by specific keywords, causing the agent to behave maliciously only under targeted conditions.

(D) By stealing the embedding model to create a replica of the proprietary search index.

5. Applying the security principle of "Least Privilege" to AI Agents (often called "Contextual Security") implies which of the following defense strategies?

1 point

(A) Dynamically restricting the agent's available tools and data access permissions based on the specific context or step of the workflow it is currently executing.

(B) Preventing the agent from ever accessing the internet or external tools to ensure total isolation.

(D) Relying solely on the LLM's internal safety training (RLHF) to voluntarily refuse dangerous tool use requests.

A copy of your responses will be emailed to the address you provided.

Submit

Clear form

reCAPTCHA

Privacy Terms

This form was created inside of UC Berkeley.

Does this form look suspicious? Report

Forms