생성형AI 프롬프트 인젝션의 형사법적 규제 방안 연구: 한미 비교법적 분석을 중심으로

The advancement of Generative Artificial Intelligence (GAI) technology poses serious security threats such as 'prompt injection,' demanding effective legal responses. This study analyzes the technical risks of prompt injection attacks and the resultant criminal law issues, comparatively examining the relevant legal systems and regulatory trends in South Korea and the United States. Findings indicate that both countries lack specific legislation directly regulating prompt injection, instead attempting to apply existing cybercrime statutes (e.g., Network Act, Criminal Act in Korea / CFAA, Wire Fraud Act in the US). However, significant legal uncertainty exists in interpreting and applying established legal concepts such as 'intrusion,' 'exceeding authorized access,' or 'deceit' due to the unique technical characteristics of AI systems. Regulatory approaches also differ: South Korea aims to establish a comprehensive foundation of trust through its enacted 'AI Basic Act,' whereas the US adopts a more decentralized and flexible approach centered around guidelines like those from NIST. Furthermore, various legal issues concerning civil liability, including trade secrets, copyright, and defamation, arise, yet clear standards are lacking. In conclusion, effectively countering the threat of prompt injection requires not only the establishment of multi-layered technical defense systems but also robust AI governance frameworks and urgent legal and institutional adjustments. The study emphasizes the necessity of continuous dialogue and cooperation among stakeholders—including the tech community, policymakers, and legal experts—to strike a balance between technological innovation and societal safety.