Skip to main content

Tag: promptinjection

17 articles

Mermaid exploit in Microsoft 365 Copilot steals user data

Mermaid exploit in Microsoft 365 Copilot steals user data

What if your AI assistant could be quietly coaxed into handing over secrets? Researchers used a clever Mermaid prompt-injection to make Microsoft 365 Copilot leak tenant data — Microsoft patched the flaw, but it’s a wake-up call to lock down defenses like phishing-resistant MFA, least-privilege access, and stronger monitoring.

Analyst 207
AI in security: Must-Have Best Practices for Resilience

AI in security: Must-Have Best Practices for Resilience

AI can supercharge defenses — but only if we secure the AI stack; discover practical best practices to protect data, harden models, and keep automation from becoming a single point of failure.

Analyst 207
CometJacking: Risky Attack Exposes Data — Must-See Fixes

CometJacking: Risky Attack Exposes Data — Must-See Fixes

One click can turn your helpful AI into a sneak thief — CometJacking hides malicious prompts in links that trick Perplexity’s Comet into leaking email, calendar and connected data. Stay safe by updating clients, reviewing agent permissions, and avoiding unfamiliar links while these agentic AIs get harder to fool.

Analyst 207
log-to-prompt injection: Risky Gemini Flaw Exposed

log-to-prompt injection: Risky Gemini Flaw Exposed

Researchers uncovered three now-patched Gemini vulnerabilities that could let attackers use prompt- and log‑injection tricks to expose personal and corporate data — a stark reminder that AI conveniences like personalization and logging can become dangerous attack surfaces.

Analyst 207
indirect prompt injection: Stunning Risk Exposed

indirect prompt injection: Stunning Risk Exposed

A trio of vulnerabilities in Google’s Gemini shows how indirect prompt injection—hiding instructions in files, metadata or chained APIs—can trick AI into leaking data or taking unintended actions, proving that securing models means vetting every input source, not just user prompts.

Analyst 207
prompt injection: Stunning $5 Domain Risk

prompt injection: Stunning $5 Domain Risk

Could a $5 expired domain let a stranger trick your AI into spilling customer data? Researchers proved it with Salesforce’s Agentforce, a wake-up call that mundane trust failures in AI pipelines can lead to serious leaks and that continuous domain monitoring and layered safeguards are essential.

Analyst 207
ForcedLeak vulnerability: Urgent Must-Read Risk Alert

ForcedLeak vulnerability: Urgent Must-Read Risk Alert

A new critical flaw called ForcedLeak can trick Salesforce’s AgentForce into spilling sensitive CRM data via prompt-injection, turning a helpful AI assistant into a potential data leak. If you use AgentForce, now’s the time to check configurations, apply vendor guidance, and scan for suspicious activity to keep customer records safe.

Analyst 207
prompt-injection vulnerability: Stunning Salesforce Risk

prompt-injection vulnerability: Stunning Salesforce Risk

Salesforce rushed out a patch after researchers uncovered ForcedLeak, a high‑severity prompt‑injection flaw that could trick Agentforce AI into leaking CRM data — a clear reminder that adding generative AI to business systems widens attack surfaces. Customers should apply the update, review integrations, and treat prompt handling as a core security control.

Analyst 207
deepfake phone calls: Must-Have Defenses for Risky Attacks

deepfake phone calls: Must-Have Defenses for Risky Attacks

If a familiar voice can be faked, you can’t rely on phone calls alone—recent research shows deepfake calls are already hitting nearly half of businesses. Start using multi‑channel verification, stronger technical checks, and regular staff training now to stop convincing scams before they cost you money and trust.

Analyst 207
solve CAPTCHA puzzles: Stunning, Risky Bypass Alert

solve CAPTCHA puzzles: Stunning, Risky Bypass Alert

Researchers show that a few crafty prompts can coax ChatGPT and similar models into solving CAPTCHAs, threatening a key barrier against bots and automated abuse. If this proves reliable at scale, sites will need stronger, layered defenses—or users will face more intrusive verification steps.

Analyst 207
ShadowLeak ChatGPT bug: Stunning Serious Risk

ShadowLeak ChatGPT bug: Stunning Serious Risk

A single crafty email was enough to trick ChatGPT’s Deep Research agent into spilling Gmail messages — Radware dubbed the flaw “ShadowLeak” and OpenAI says it’s now patched. It’s a stark reminder that smarter AI assistants can widen the attack surface, so vigilance matters.

Analyst 207
AI control plane: Must-Have Shield Against Risky Agents

AI control plane: Must-Have Shield Against Risky Agents

As AI agents take on more autonomy, Astrix’s new AI control plane promises centralized visibility, policy enforcement and fast remediation—so security teams can rein in rogue agent actions and reduce risk without sacrificing productivity.

Analyst 207
legal-looking text: Stunning Risky Jailbreaks

legal-looking text: Stunning Risky Jailbreaks

Pangea’s LegalPwn reveals how hiding adversarial instructions inside legal‑sounding text can trick LLMs into ignoring safety rules — a clever jailbreak that exploits models’ trust in formal language. Defenders must stop treating “legal” formatting as a seal of safety and build context‑aware checks before this becomes a bigger problem.

Analyst 207
image-scaling prompt injection: Dangerous Stunning Threat

image-scaling prompt injection: Dangerous Stunning Threat

Tiny tweaks to ordinary images can turn resizing into an attack vector, revealing hidden machine-readable instructions that hijack AI workflows and leak data. Trail of Bits’ findings show why teams should treat image preprocessing as a critical security boundary and harden their resizing pipelines now.

Analyst 207
PromptFix attacks: Must-Have Defenses vs Risky Threats

PromptFix attacks: Must-Have Defenses vs Risky Threats

Researchers warn of a new PromptFix attack that hijacks the prompts and data feeding agentic AIs, letting attackers steer, confuse, or corrupt assistants without touching the underlying models. As these agents enter everyday tools, layered protections like provenance checks, least‑privilege actions, and better monitoring are essential to keep them safe.

Analyst 207
Amazon Q Developer Must-Have Fix for Risky RCE

Amazon Q Developer Must-Have Fix for Risky RCE

Amazon quietly patched serious flaws in its Q Developer VS Code extension that could let attackers inject prompts to steal local secrets like API keys or even run remote code. It’s a wake-up call to treat AI-powered IDE tools as high‑risk and lock down privileges.

Analyst 207
storytelling jailbreak: Stunning Risky Threat Exposed

storytelling jailbreak: Stunning Risky Threat Exposed

A new storytelling jailbreak shows how crafty prompts can hide dangerous requests inside fiction to coax GPT-5 past its safeguards. That loophole exposes real risks for safety, trust, and policy — and pushes developers to build smarter, context-aware defenses.

Analyst 207