Same topic, related formats. Practice these next.
Same topic, related formats. Practice these next.
Explain the mechanism of a Special Token Injection (STI) attack: how does unsanitized user input become a security vulnerability at the tokenizer level? Describe at least two concrete mitigations that can be applied before or during tokenization.
STI exploits the gap between a special token's string and its id: tokenized under add_special_tokens=True, user-typed markers become real structural ids the model trusts as legitimate boundaries.
Think of a building where doors open only for staff badges. An attacker prints a fake badge that looks exactly like the real one, and the scanner cannot tell the difference, so the fake opens secure doors. In a language model, the special tokens like the system marker are the badges that grant authority over the conversation. If user text containing a marker is scanned the normal way, the model accepts that fake badge as real and follows it. The defenses are to refuse to read user badges at all, to tear up any badge-looking text a user submits, and to keep visitors in a separate lane where they could never carry a staff badge.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example. Click to expand.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example.
Everything important, quickly.
3-4 min: string vs id gap + forged-boundary consequence + add_special_tokens=False + input sanitization + structural separation + the re-tokenization pitfall.
Real products, models, and research that use this idea.
What an interviewer would ask next. Try answering before peeking at the approach.
Red flags and common mistakes that signal junior thinking. Click to expand.
Confusing STI with ordinary prompt injection. STI is the tokenizer-layer variant where user strings become genuine structural ids, not just persuasive natural-language text.
The night-before-the-interview bullets. Scan these on the way to the call.
Primary sources. Skim if you want the original framing.