all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery

Add to bookmarks
e
May 16, 2023, 2:45 p.m. |

Embrace The Red embracethered.com

This post shows how a malicious website can take control of a ChatGPT chat session and exfiltrate the history of the conversation.
Plugins, Tools and Integrations With plugins, data exfiltration can happen by sending too much data into the plugin in the first place. More security controls and insights on what is being sent to the plugin are required to empower users.
However, this post is not about sending too much data to a plugin, but about a malicious actor …

chat chatgpt control controls conversation data data exfiltration exfiltration forgery history images insights integrations malicious malicious website plugin plugins request security security controls session the conversation tools website

Visit resource

More from embracethered.com / Embrace The Red

Em
Automatic Tool Invocation when Browsing with ChatGPT - Threats and Mitigations 4 days ago | embracethered.com
apps automatic browsing can +12
Em
ChatGPT: Hacking Memories with Prompt Injection 1 week, 3 days ago | embracethered.com
agent ai assistant assistant attacker +18
Em
Machine Learning Attack Series: Backdooring Keras Models and How to Detect It 2 weeks ago | embracethered.com
adversaries arbitrary code arbitrary code execution artificial +18
Em
Pivot to the Clouds: Cookie Theft in 2024 2 weeks, 2 days ago | embracethered.com
blog browser clouds cookie +20
Em
Bobby Tables but with LLM Apps - Google NotebookML Data Exfiltration 1 month, 2 weeks ago | embracethered.com
apps can chat control +19
Em
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch 1 month, 2 weeks ago | embracethered.com
center class conference dave +14
Em
Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix 1 month, 3 weeks ago | embracethered.com
data data exfiltration discipline easier +14
Em
The dangers of AI agents unfurling hyperlinks and what to do about it 1 month, 4 weeks ago | embracethered.com
agents ai agents ai chatbots attackers +11
Em
ASCII Smuggler - Improvements 2 months, 4 weeks ago | embracethered.com
ascii decode decoding end +11

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com