all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Data Exfiltration Using Indirect Prompt Injection

Add to bookmarks
Dec. 22, 2023, 12:05 p.m. | Bruce Schneier

Schneier on Security www.schneier.com

Interesting attack on a LLM:


In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.


The data theft can include documents the user …

attack attackers chat chatgpt data data exfiltration documents edit exfiltration information injection llm prepare prompt prompt injection session the web vulnerabilities web websites writer

Visit resource

More from www.schneier.com / Schneier on Security

New Attack on VPNs 1 day, 8 hours ago | www.schneier.com
applications attack cyberattack encrypted +14
New Lawsuit Attempting to Make Adversarial Interoperability Legal 2 days, 13 hours ago | www.schneier.com
adversarial copyright courts interoperability +4
Friday Squid Blogging: Squid Purses 5 days, 3 hours ago | www.schneier.com
blog blogging can guidelines +6
My TED Talks 5 days, 6 hours ago | www.schneier.com
conferences controls data internet +9
Rare Interviews with Enigma Cryptanalyst Marian Rejewski 5 days, 13 hours ago | www.schneier.com
crack cryptanalysis enigma history of cryptography +5
The UK Bans Default Passwords 6 days, 13 hours ago | www.schneier.com
act and telecommunications ban bans +19
AI Voice Scam 1 week ago | www.schneier.com
artificial intelligence bbc money scam +4
WhatsApp in India 1 week, 1 day ago | www.schneier.com
courts encryption end end-to-end +5
Whale Song Code 1 week, 2 days ago | www.schneier.com
basic broadcast code cold +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Engineer

@ Celonis | Munich, Germany
View on infosec-jobs.com

Security Engineer, Cloud Threat Intelligence

@ Google | Reston, VA, USA; Kirkland, WA, USA
View on infosec-jobs.com

IT Security Analyst*

@ EDAG Group | Fulda, Hessen, DE, 36037
View on infosec-jobs.com

Scrum Master/ Agile Project Manager for Information Security (Temporary)

@ Guidehouse | Lagunilla de Heredia
View on infosec-jobs.com

Waste Incident Responder (Tanker Driver)

@ Severn Trent | Derby , England, GB
View on infosec-jobs.com

Risk Vulnerability Analyst w/Clearance - Colorado

@ Rothe | Colorado Springs, CO, United States
View on infosec-jobs.com
View more jobs