all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation

Add to bookmarks
e
Feb. 23, 2024, 6 a.m. |

Embrace The Red embracethered.com

Last November, while testing Google Bard (now called Gemini) for vulnerabilities, I had a couple of interesting observations when it comes to automatic tool invocation.
Confused Deputy - Automatic Tool Invocation First, what do I mean by this… “automatic tool invocation”…
Consider the following scenario: An attacker sends a malicious email to a user containing instructions to call an external tool. Google named these tools Extensions.
When the user analyzes the email with an LLM, it interprets the instructions and …

attacker automatic bard called email gemini google google bard google gemini malicious november scenario testing tool vulnerabilities

Visit resource

More from embracethered.com / Embrace The Red

Em
Bobby Tables but with LLM Apps - Google NotebookML Data Exfiltration 1 week, 6 days ago | embracethered.com
apps can chat control +19
Em
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch 2 weeks ago | embracethered.com
center class conference dave +14
Em
Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix 2 weeks, 6 days ago | embracethered.com
data data exfiltration discipline easier +14
Em
The dangers of AI agents unfurling hyperlinks and what to do about it 3 weeks, 4 days ago | embracethered.com
agents ai agents ai chatbots attackers +11
Em
ASCII Smuggler - Improvements 1 month, 3 weeks ago | embracethered.com
ascii decode decoding end +11
Em
Who Am I? Conditional Prompt Injection Attacks with Microsoft Copilot 1 month, 3 weeks ago | embracethered.com
applications attackers attacks building +23
Em
Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation 2 months ago | embracethered.com
attacker automatic bard called +11
Em
ChatGPT: Lack of Isolation between Code Interpreter sessions of GPTs 2 months, 2 weeks ago | embracethered.com
bug chatgpt code disclosure +11
Em
Video: ASCII Smuggling and Hidden Prompt Instructions 2 months, 2 weeks ago | embracethered.com
ascii beyond block call +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Lead Technical Product Manager - Threat Protection

@ Mastercard | Remote - United Kingdom
View on infosec-jobs.com

Data Privacy Officer

@ Banco Popular | San Juan, PR
View on infosec-jobs.com

GRC Security Program Manager

@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Warrington, United Kingdom
View on infosec-jobs.com

Privacy Engineer, Technical Audit

@ Meta | Menlo Park, CA
View on infosec-jobs.com
View more jobs