Ben Nassi, Bruce Schneier, and Oleg Brodt coined a new term and introduced a five-step kill chain model in their paper, "The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware."
They mapped recent attacks to the new kill chain:
- Initial Access (prompt injection)
- Privilege Escalation (jailbreaking)
- Persistence (memory and retrieval poisoning)
- Lateral Movement (cross-system and cross-user propagation)
- Actions on Objective (ranging from data exfiltration to unauthorized transactions)
The authors aim to provide a shared vocabulary and methodology for threat modeling through this new model.
In my mind, it serves an even bigger role, elevating the conversation from a narrow "Can we block prompt injection?" to "How are we ensuring defense in depth?"
The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware