all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ChatGPT Plugin Exploit Explained: From Prompt Injection to Accessing Private Data

Add to bookmarks
e
May 28, 2023, 7 p.m. |

Embrace The Red embracethered.com

If you are building ChatGPT plugins, LLM agents, tools or integrations this is a must read. This post explains how the first exploitable Cross Plugin Request Forgery was found in the wild and the fix applied.
Indirect Prompt Injections Are Now A Reality With plugins Indirect Prompt Injections are now a reality in the ChatGPT ecosystem.
The real-world examples and demos provided by others and myself to raise awarness about this increasing problem have been mostly amusing and harmless, like …

chatgpt data explained exploit fix forgery injection integrations llm plugin plugins private private data prompt injection request tools

Visit resource

More from embracethered.com / Embrace The Red

Em
Automatic Tool Invocation when Browsing with ChatGPT - Threats and Mitigations 4 days, 2 hours ago | embracethered.com
apps automatic browsing can +12
Em
ChatGPT: Hacking Memories with Prompt Injection 1 week, 3 days ago | embracethered.com
agent ai assistant assistant attacker +18
Em
Machine Learning Attack Series: Backdooring Keras Models and How to Detect It 2 weeks ago | embracethered.com
adversaries arbitrary code arbitrary code execution artificial +18
Em
Pivot to the Clouds: Cookie Theft in 2024 2 weeks, 2 days ago | embracethered.com
blog browser clouds cookie +20
Em
Bobby Tables but with LLM Apps - Google NotebookML Data Exfiltration 1 month, 2 weeks ago | embracethered.com
apps can chat control +19
Em
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch 1 month, 2 weeks ago | embracethered.com
center class conference dave +14
Em
Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix 1 month, 3 weeks ago | embracethered.com
data data exfiltration discipline easier +14
Em
The dangers of AI agents unfurling hyperlinks and what to do about it 1 month, 4 weeks ago | embracethered.com
agents ai agents ai chatbots attackers +11
Em
ASCII Smuggler - Improvements 2 months, 4 weeks ago | embracethered.com
ascii decode decoding end +11

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com