#shadowleak

from Ars Technica
5 hours ago

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Accordingly, OpenAI mitigated the prompt-injection technique ShadowLeak fell to, but only after Radware privately alerted the LLM maker to it. A proof-of-concept attack that Radware published embedded a prompt injection into an email sent to a Gmail account that Deep Research had been given access to. The injection included instructions to scan received emails related to a company's human resources department for the names and addresses of employees. Deep Research dutifully followed those instructions.
Information security
from SecurityWeek
7 hours ago

ChatGPT Deep Research Targeted in Server-Side Data Theft Attack

ShadowLeak is a server-side data exfiltration method targeting ChatGPT's Deep Research, enabling silent extraction of inbox data via attacker-controlled URLs without user interaction.