all InfoSec news
Plugin Vulnerabilities: Visit a Website and Have Your Source Code Stolen
June 20, 2023, 3 p.m. |
Embrace The Red embracethered.com
In particular powerful plugins that can impersonate a user are not getting the required security scrutiny, or a general mitigation at the platform level.
As a brief reminder, one of the challenges Large Language Model (LLM) User-Agents, like ChatGPT, and plugins face is the Confused Deputy Problem / Plugin Request Forgery Attacks, which means that during a Prompt Injection attack an adversary can issue commands to plugins to cause …
challenges code general language large large language model llm mitigation openai platform plugin plugins reminder security source code stolen store vulnerabilities website
More from embracethered.com / Embrace The Red
Bobby Tables but with LLM Apps - Google NotebookML Data Exfiltration
2 weeks, 2 days ago |
embracethered.com
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch
2 weeks, 3 days ago |
embracethered.com
ASCII Smuggler - Improvements
1 month, 3 weeks ago |
embracethered.com
ChatGPT: Lack of Isolation between Code Interpreter sessions of GPTs
2 months, 2 weeks ago |
embracethered.com
Video: ASCII Smuggling and Hidden Prompt Instructions
2 months, 2 weeks ago |
embracethered.com
Jobs in InfoSec / Cybersecurity
Azure DevSecOps Cloud Engineer II
@ Prudent Technology | McLean, VA, USA
Security Engineer III - Python, AWS
@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
SOC Analyst (Threat Hunter)
@ NCS | Singapore, Singapore
Managed Services Information Security Manager
@ NTT DATA | Sydney, Australia
Senior Security Engineer (Remote)
@ Mattermost | United Kingdom
Penetration Tester (Part Time & Remote)
@ TestPros | United States - Remote