all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation

Add to bookmarks
e
Feb. 23, 2024, 6 a.m. |

Embrace The Red embracethered.com

Last November, while testing Google Bard (now called Gemini) for vulnerabilities, I had a couple of interesting observations when it comes to automatic tool invocation.
Confused Deputy - Automatic Tool Invocation First, what do I mean by this… “automatic tool invocation”…
Consider the following scenario: An attacker sends a malicious email to a user containing instructions to call an external tool. Google named these tools Extensions.
When the user analyzes the email with an LLM, it interprets the instructions and …

attacker automatic bard called email gemini google google bard google gemini malicious november scenario testing tool vulnerabilities

Visit resource

More from embracethered.com / Embrace The Red

Em
Machine Learning Attack Series: Backdooring Keras Models and How to Detect It 11 hours ago | embracethered.com
adversaries arbitrary code arbitrary code execution artificial +18
Em
Pivot to the Clouds: Cookie Theft in 2024 3 days, 2 hours ago | embracethered.com
blog browser clouds cookie +20
Em
Bobby Tables but with LLM Apps - Google NotebookML Data Exfiltration 1 month ago | embracethered.com
apps can chat control +19
Em
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch 1 month ago | embracethered.com
center class conference dave +14
Em
Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix 1 month, 1 week ago | embracethered.com
data data exfiltration discipline easier +14
Em
The dangers of AI agents unfurling hyperlinks and what to do about it 1 month, 2 weeks ago | embracethered.com
agents ai agents ai chatbots attackers +11
Em
ASCII Smuggler - Improvements 2 months, 2 weeks ago | embracethered.com
ascii decode decoding end +11
Em
Who Am I? Conditional Prompt Injection Attacks with Microsoft Copilot 2 months, 2 weeks ago | embracethered.com
applications attackers attacks building +23
Em
Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation 2 months, 3 weeks ago | embracethered.com
attacker automatic bard called +11

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Technical Support Specialist (Cyber Security)

@ Sigma Software | Warsaw, Poland
View on infosec-jobs.com

OT Security Specialist

@ Adani Group | AHMEDABAD, GUJARAT, India
View on infosec-jobs.com

FS-EGRC-Manager-Cloud Security

@ EY | Bengaluru, KA, IN, 560048
View on infosec-jobs.com