Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Data Exfiltration Using Indirect Prompt Injection

published on 2023-12-22 12:05:29 UTC by Bruce Schneier
Content:

Interesting attack on a LLM:

In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.

The data theft can include documents the user has uploaded, their chat history or potentially specific private information the chat model can convince the user to divulge at the attacker’s behest.

Article: Data Exfiltration Using Indirect Prompt Injection - published 11 months ago.

https://www.schneier.com/blog/archives/2023/12/data-exfiltration-using-indirect-prompt-injection.html   
Published: 2023 12 22 12:05:29
Received: 2023 12 22 12:24:20
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor