Tag

Prompt Injection

All articles tagged with #prompt injection

technology3 hours ago•4 min saved

Single-click prompt exploit drains Copilot Personal data in stealthy stages

Security researchers demonstrated a one-click, multistage prompt-injection attack against Copilot Personal that exfiltrated user data from chat histories, even after the chat was closed. The exploit used a malicious URL parameter and bypassed some endpoint protections by triggering repeated requests (“reprompt”), exposing names, locations, and event details. Microsoft has patched the flaw, with Copilot Personal affected but not Microsoft 365 Copilot.

via Ars Technica|

#ai #copilot #data-exfiltration

security8 hours ago•5 min saved

Reprompt flaw lets attackers hijack Copilot sessions via malicious prompts

Researchers exposed 'Reprompt', a flaw that injects commands via Copilot's URL q parameter to hijack an authenticated session and exfiltrate data, using P2P injection, double-request, and chain-request techniques; Microsoft patched the vulnerability on January 2026 Patch Tuesday, mainly affecting Copilot Personal rather than Microsoft 365 Copilot, and users should apply the latest Windows updates.

via BleepingComputer|

#copilot #data-exfiltration #prompt-injection

technology19 days ago•3 min saved

Critical LangChain Vulnerabilities Threaten AI System Security

A critical security flaw in LangChain Core (CVE-2025-68664) allows attackers to exploit serialization injection to steal secrets and manipulate LLM responses, prompting urgent updates to affected versions to mitigate risks.

via The Hacker News|

#cve-2025-68664 #langchain #prompt-injection

technology2 months ago•2 min saved

OpenAI's New AI Browser and Its Future Impact on Web and Healthcare

Cybersecurity researchers have discovered serious prompt injection vulnerabilities in OpenAI's new AI browser Atlas, particularly in its agent mode and omnibox, which could allow hackers to execute harmful commands or access sensitive data. Experts recommend stricter URL validation to prevent such attacks, highlighting ongoing security challenges in AI-powered browsers.

via Futurism|

#ai-browser #atlas #cybersecurity

technology2 months ago•4 min saved

OpenAI's Atlas Enhances ChatGPT, Raising Security and Web Integration Concerns

Researchers at LayerX discovered a vulnerability in OpenAI's Atlas browser that allows attackers to inject malicious prompts into ChatGPT's memory via cross-site request forgery, posing significant security risks, especially for Atlas users who are more exposed to phishing and prompt injection attacks. The exploit can persist across devices and browsers, potentially leading to malicious activities or data theft.

via theregister.com|

#ai-security #atlas-browser #chatgpt-vulnerability

technology2 months ago•4 min saved

Security Concerns Rise as New AI Browsers and ChatGPT Atlas Emerge

OpenAI's ChatGPT Atlas browser is vulnerable to prompt injection attacks where malicious URLs disguised as harmless links can trick the AI into executing harmful commands or redirecting users to malicious sites, highlighting ongoing security challenges in AI-enabled browsers.

via The Hacker News|

#ai-browser #chatgpt-atlas #malicious-urls

technology2 months ago•6 min saved

OpenAI’s ChatGPT Atlas Faces Security Risks Amid Web Enhancements

Cybersecurity experts warn that OpenAI's ChatGPT Atlas, an AI browser with new features like memory and agent mode, faces significant security risks including prompt injection attacks that could lead to data theft, malware downloads, and other malicious activities. Despite mitigation efforts by OpenAI, the attack surface is expanding, raising concerns about privacy, data sharing, and user safety as these AI tools become more integrated into internet browsing.

via Fortune|

#ai-browsers #chatgpt-atlas #openai

technology2 months ago•4 min saved

OpenAI Launches ChatGPT Atlas to Revolutionize Web Interaction and Security

OpenAI's Atlas browser, which integrates ChatGPT as an AI agent, has been shown to be vulnerable to indirect prompt injection attacks, raising concerns about AI security and the need for better safeguards. Despite OpenAI's efforts to mitigate these risks, security researchers demonstrate that prompt injection remains a significant and ongoing challenge in AI-powered systems.

via theregister.com|

#ai-security #atlas #openai

technology4 months ago•3 min saved

Emerging AI Threats: Malware and Data Theft via Image and Prompt Attacks

Researchers have discovered a method where hackers hide malware in images served by large language models, exploiting image downscaling techniques like bicubic interpolation to reveal hidden instructions, posing significant security risks for AI-integrated systems. Users are advised to implement layered security measures and cautious input handling to mitigate these threats.

via TechRadar|

#ai-security #image-manipulation #malware

cybersecurity4 months ago•3 min saved

First AI-Powered Ransomware 'PromptLock' Discovered, Evading Detection and Threatening Data Security

ESET discovered PromptLock, an AI-powered ransomware using OpenAI's GPT-OSS model to generate malicious scripts in real-time, highlighting the growing threat of AI-driven cyberattacks and the challenges they pose for detection and defense.

via The Hacker News|

#ai-ransomware #cybersecurity #cybersecurity-threats

technology4 months ago•2 min saved

Anthropic Launches Claude AI Chrome Extension Amid Browser Security Concerns

Anthropic's AI Chrome extension, designed to automate tasks, has significant security vulnerabilities with a 23.6% attack success rate, reduced to 11.2% with safety measures. Experts warn that these risks, including prompt injection and malicious instructions, pose serious security concerns, and current protections are insufficient, placing the burden of security on users.

via Ars Technica|

#ai-security #anthropic #browser-extension

technology4 months ago•2 min saved

Hidden Data-Theft Prompts Exploit AI Image Resizing

Researchers have discovered a new AI attack that embeds hidden instructions in images through downscaling, which can lead to data theft and unauthorized actions when processed by AI systems. The attack exploits artifacts created during image resampling to hide malicious prompts that are interpreted by AI models, potentially compromising user data and system integrity. Mitigation strategies include imposing image dimension limits, providing preview feedback, and requiring user confirmation for sensitive operations. The researchers also released an open-source tool to demonstrate the attack.

via BleepingComputer|

#ai-security #data-theft #image-manipulation

technology4 months ago•4 min saved

AI Browsers Pose New Security Risks for Users

A vulnerability in AI-powered browsers like Perplexity's Comet allows hackers to embed malicious instructions in web content, potentially leading to unauthorized access to sensitive data such as bank accounts and emails, highlighting significant security concerns in agentic AI browsing.

via Futurism|

#ai-browser #brave #cybersecurity

technology5 months ago•8 min saved

Google AI email summaries vulnerable to phishing hacks

Researchers have discovered a vulnerability in Google's Gemini AI used in Workspace that allows attackers to embed hidden commands in email summaries, potentially leading to phishing attacks. Google is working on defenses, but users are advised to verify AI-generated content, avoid using summaries for suspicious emails, keep software updated, and consider disabling Gemini summaries temporarily to stay safe.

via Kurt the CyberGuy|

#ai #email-security #google-gemini

technology5 months ago•3 min saved

Google Calendar Invites Used to Exploit Gemini AI and Leak User Data

Google fixed a security bug in Gemini, Google's AI assistant, that allowed malicious Calendar invites with embedded prompts to hijack the system and leak sensitive user data, control smart devices, and access emails, highlighting the risks of broad permissions and prompt injection attacks.

via BleepingComputer|

#gemini #google-calendar #prompt-injection