Tag: promptinjection
17 articles

Mermaid exploit in Microsoft 365 Copilot steals user data
What if your AI assistant could be quietly coaxed into handing over secrets? Researchers used a clever Mermaid prompt-injection to make Microsoft 365 Copilot leak tenant data — Microsoft patched the flaw, but it’s a wake-up call to lock down defenses like phishing-resistant MFA, least-privilege access, and stronger monitoring.

AI in security: Must-Have Best Practices for Resilience
AI can supercharge defenses — but only if we secure the AI stack; discover practical best practices to protect data, harden models, and keep automation from becoming a single point of failure.

CometJacking: Risky Attack Exposes Data — Must-See Fixes
One click can turn your helpful AI into a sneak thief — CometJacking hides malicious prompts in links that trick Perplexity’s Comet into leaking email, calendar and connected data. Stay safe by updating clients, reviewing agent permissions, and avoiding unfamiliar links while these agentic AIs get harder to fool.

log-to-prompt injection: Risky Gemini Flaw Exposed
Researchers uncovered three now-patched Gemini vulnerabilities that could let attackers use prompt- and log‑injection tricks to expose personal and corporate data — a stark reminder that AI conveniences like personalization and logging can become dangerous attack surfaces.

indirect prompt injection: Stunning Risk Exposed
A trio of vulnerabilities in Google’s Gemini shows how indirect prompt injection—hiding instructions in files, metadata or chained APIs—can trick AI into leaking data or taking unintended actions, proving that securing models means vetting every input source, not just user prompts.

prompt injection: Stunning $5 Domain Risk
Could a $5 expired domain let a stranger trick your AI into spilling customer data? Researchers proved it with Salesforce’s Agentforce, a wake-up call that mundane trust failures in AI pipelines can lead to serious leaks and that continuous domain monitoring and layered safeguards are essential.

ForcedLeak vulnerability: Urgent Must-Read Risk Alert
A new critical flaw called ForcedLeak can trick Salesforce’s AgentForce into spilling sensitive CRM data via prompt-injection, turning a helpful AI assistant into a potential data leak. If you use AgentForce, now’s the time to check configurations, apply vendor guidance, and scan for suspicious activity to keep customer records safe.

prompt-injection vulnerability: Stunning Salesforce Risk
Salesforce rushed out a patch after researchers uncovered ForcedLeak, a high‑severity prompt‑injection flaw that could trick Agentforce AI into leaking CRM data — a clear reminder that adding generative AI to business systems widens attack surfaces. Customers should apply the update, review integrations, and treat prompt handling as a core security control.

deepfake phone calls: Must-Have Defenses for Risky Attacks
If a familiar voice can be faked, you can’t rely on phone calls alone—recent research shows deepfake calls are already hitting nearly half of businesses. Start using multi‑channel verification, stronger technical checks, and regular staff training now to stop convincing scams before they cost you money and trust.

solve CAPTCHA puzzles: Stunning, Risky Bypass Alert
Researchers show that a few crafty prompts can coax ChatGPT and similar models into solving CAPTCHAs, threatening a key barrier against bots and automated abuse. If this proves reliable at scale, sites will need stronger, layered defenses—or users will face more intrusive verification steps.

ShadowLeak ChatGPT bug: Stunning Serious Risk
A single crafty email was enough to trick ChatGPT’s Deep Research agent into spilling Gmail messages — Radware dubbed the flaw “ShadowLeak” and OpenAI says it’s now patched. It’s a stark reminder that smarter AI assistants can widen the attack surface, so vigilance matters.

AI control plane: Must-Have Shield Against Risky Agents
As AI agents take on more autonomy, Astrix’s new AI control plane promises centralized visibility, policy enforcement and fast remediation—so security teams can rein in rogue agent actions and reduce risk without sacrificing productivity.

legal-looking text: Stunning Risky Jailbreaks
Pangea’s LegalPwn reveals how hiding adversarial instructions inside legal‑sounding text can trick LLMs into ignoring safety rules — a clever jailbreak that exploits models’ trust in formal language. Defenders must stop treating “legal” formatting as a seal of safety and build context‑aware checks before this becomes a bigger problem.

image-scaling prompt injection: Dangerous Stunning Threat
Tiny tweaks to ordinary images can turn resizing into an attack vector, revealing hidden machine-readable instructions that hijack AI workflows and leak data. Trail of Bits’ findings show why teams should treat image preprocessing as a critical security boundary and harden their resizing pipelines now.

PromptFix attacks: Must-Have Defenses vs Risky Threats
Researchers warn of a new PromptFix attack that hijacks the prompts and data feeding agentic AIs, letting attackers steer, confuse, or corrupt assistants without touching the underlying models. As these agents enter everyday tools, layered protections like provenance checks, least‑privilege actions, and better monitoring are essential to keep them safe.

Amazon Q Developer Must-Have Fix for Risky RCE
Amazon quietly patched serious flaws in its Q Developer VS Code extension that could let attackers inject prompts to steal local secrets like API keys or even run remote code. It’s a wake-up call to treat AI-powered IDE tools as high‑risk and lock down privileges.

storytelling jailbreak: Stunning Risky Threat Exposed
A new storytelling jailbreak shows how crafty prompts can hide dangerous requests inside fiction to coax GPT-5 past its safeguards. That loophole exposes real risks for safety, trust, and policy — and pushes developers to build smarter, context-aware defenses.