all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Data Exfiltration Using Indirect Prompt Injection

Add to bookmarks
Dec. 22, 2023, 12:05 p.m. | Bruce Schneier

Schneier on Security www.schneier.com

Interesting attack on a LLM:


In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.


The data theft can include documents the user …

attack attackers chat chatgpt data data exfiltration documents edit exfiltration information injection llm prepare prompt prompt injection session the web vulnerabilities web websites writer

Visit resource

More from www.schneier.com / Schneier on Security

Friday Squid Blogging: Baby Colossal Squid 1 day, 7 hours ago | www.schneier.com
baby blog blogging can +7
How AI Will Change Democracy 1 day, 17 hours ago | www.schneier.com
artificial artificial intelligence aspect change +13
Supply Chain Attack against Courtroom Software 2 days, 17 hours ago | www.schneier.com
application attack backdoor backdoors +20
Privacy Implications of Tracking Wireless Access Points 3 days, 17 hours ago | www.schneier.com
academic papers access access points address +26
Lattice-Based Cryptosystems and Quantum Cryptanalysis 4 days, 17 hours ago | www.schneier.com
algorithms coming competition computers +19
Friday Squid Blogging: Dana Squid Attacking Camera 1 week, 1 day ago | www.schneier.com
blog blogging camera can +9
On the Zero-Day Market 1 week, 1 day ago | www.schneier.com
academic papers adversaries cyberespionage global +8
Personal AI Assistants and Privacy 1 week, 2 days ago | www.schneier.com
ai assistants ai-powered artificial intelligence assistant +22
Unredacting Pixelated Text 1 week, 3 days ago | www.schneier.com
redaction steganography text

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com