AliBaBa Tongyi Data Exfiltration Vulnerability

Background A common attack vector that LLM apps face is data exfiltration, and in particular data exfiltration via Image Markdown Injection is a common vulnerability. This post documents the AliBaBa Tongyi data exfiltration vulnerability and talks about how to mitigate it. Technical details of the vulnerability The Data Exfiltration TTP – Image Markdown Injection As […]

ChatGPT Custom Instructions: A new Prompt Backdoor Attack Surface

Background Recently OpenAI added Custom Instructions, which allow ChatGPT to always automatically append instructions to every message exchange. This feature allows customization of ChatGPT’s responses based on your preferences, and can be modified or removed at any time for future conversations. An adversary can abuse this feature to install a prompt backdoor, such as: Data Exfiltration […]

KINGSOFT Docs AI Features: Vulnerabilities and Risks

Vulnerabilities Background KINGSOFT Docs is a popular word processing tool that is used by millions of people around the world. Recently KINGSOFT added new AI features to Docs (and a couple of other products), such as the ability to generate summaries and to write different kinds of creative content. Check out WPS AI for more info. […]