Slide 7 · LLM09 vs LLM01
Different roots. Sometimes the same output.
Prompt injection vs. hallucination — know the difference.
Two Different Roots
LLM01 (Prompt Injection) and LLM09 (Misinformation) both produce harmful model output — but they start from completely different places.
Origin: An attacker crafts input to hijack model behavior
Cause: External manipulation — someone is driving it wrong
Output: The model does something it was manipulated into doing
Attacker: Required — human adversary driving the attack
Origin: The model generates false output on its own
Cause: Intrinsic failure — model doesn’t know what it doesn’t know
Output: The model says something wrong while trying to help
Attacker: Not required — harm occurs without adversarial input
Where They Overlap
An attacker can inject false facts via indirect prompt injection to cause the model to propagate misinformation. This is the intersection: LLM01 as the delivery mechanism, LLM09 as the output type. But LLM09 happens constantly without LLM01 — no attack required.
The Test
If nobody crafted a malicious input, but the output is still false — that’s LLM09.