Tag: llm security
8 articles

ChatGPT Exposes Users to Prompt Injection Attacks via Browser Content
Researchers have uncovered a vulnerability in ChatGPT that leaves users open to prompt injection attacks, where malicious content is embedded into web pages and then summarized by the AI system as legitimate information. This loophole could put users at risk of falling prey to spoofed security alerts and other online threats.

Side-Channel Attacks Against LLMs: Exclusive Critical Risk
Think your chats with an AI are private? Researchers warn that response timing and other side-channel quirks can betray your prompts—even over encrypted APIs—turning performance tweaks into real privacy risks.

The Promptware Kill Chain: Exclusive Critical Risk Guide
What if a stray calendar event or shared doc could become a command to your AI? This guide reveals the promptware kill chain—how attackers weaponize language to steal data, gain persistence, and trigger unauthorized actions, and what you can do to defend against it.

Zero-Click Attack Exclusive: Alarming ChatGPT Data Theft
Imagine your AI assistant quietly doing more than you asked — Radware researchers have uncovered a zero-click prompt-injection that exploits agentic ChatGPT features to make assistants act and leak data across apps with little or no user interaction. Its a wake-up call: autonomy is outpacing control.

OpenAI Stunning Band-Aids Fail Against Prompt Injection
Turns out OpenAIs quick fixes cant fully stop prompt injection—its slipping through, and we need smarter, long-term defenses.

Prompt Injection Through Poetry: Exclusive Best Defenses
What if a poem could fool the guard? New research shows adversarial verse — and even $5 expired-domain hijacks — can cheaply and reliably bypass model guardrails, turning style and supply-chain trust into a dangerous new attack surface.

More Prompt||GTFO Exclusive Guide to Effortless Prompts
System prompts make AI assistants helpful — and can quietly turn them into persistent, data-harvesting agents. This guide explains how crafty instruction tweaks and PromptFix attacks corrupt the instruction stream and what to watch for to keep your assistant honest.

Open Source b3 Benchmark Must-Have for Best Agent Security
When the assistants we build become attack surfaces, the open-source b3 benchmark is the stress test you want in your toolkit. It simulates realistic adversarial scenarios so developers and security teams can spot and fix toolchain, privilege, and supply‑chain weaknesses before attackers do.