On the Security Vulnerabilities of Text-to-SQL Models

arXiv:2211.15363v4 Announce Type: replace-cross
Abstract: Although it has been demonstrated that Natural Language Processing (NLP) algorithms are vulnerable to deliberate attacks, the question of whether such weaknesses can lead to software security threats is under-explored. To bridge this gap, we conducted vulnerability tests on Text-to-SQL systems that are commonly used to create natural language interfaces to databases. We showed that the Text-to-SQL modules within six commercial applications can be manipulated to produce malicious code, potentially leading to data breaches and …

algorithms arxiv attacks bridge can cs.cl cs.cr cs.db cs.lg cs.se gap language natural natural language natural language processing nlp question security security threats software software security sql systems tests text text-to-sql threats under vulnerabilities vulnerability vulnerable weaknesses