Chatbots aren't supposed to call you a jerk-but they can be convinced
AI chatbots can be persuaded to bypass safety guardrails using human persuasion techniques like flattery, social pressure, and establishing harmless precedents.
LLMs easily exploited using run-on sentences, bad grammar, image scaling
Large language models remain easily manipulated into revealing sensitive data via prompt formatting and hidden-image attacks due to alignment training gaps and brittle prompt security.
Anthropic teases Claude for Chrome with massive warnings
Claude for Chrome gives Max-tier users automated web browsing control while introducing significant browser-extension security, privacy, and prompt-injection risks.
Using an AI Browser Lets Hackers Drain Your Bank Account Just by Showing You a Public Reddit Post
Perplexity's Comet browser AI accepts webpage content as commands, enabling simple indirect prompt injections that can grant attackers access to user accounts and private data.
AWS patches Q Developer after prompt injection, RCE demo
Amazon fixed prompt-injection and RCE-capable vulnerabilities in the Amazon Q Developer VS Code extension by updating the language server and adding human-in-the-loop approval.
Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts
PromptFix hides malicious instructions inside fake CAPTCHA checks to trick GenAI browsers and agentic AI into interacting with phishing sites and performing attacker actions.
Echoleak exposes vulnerabilities in AI assistants like Microsoft 365 Copilot through subtle prompt manipulation, representing a shift in cybersecurity attack vectors.
Researchers claim breakthrough in fight against AI's frustrating security hole
Prompt injections jeopardize AI systems; Google DeepMind's CaMeL offers a potential solution by treating language models as untrusted components within security frameworks.