simon, Nasty example here of a prompt injection data exfiltration attack against writer.com - made much worse by Writer's response to the responsible disclosure of the vulnerability that "We do not consider this to be a security issue since the real customer accounts do not have access to any website."
https://promptarmor.substack.com/p/data-exfiltration-from-writercom
I wrote more notes on this here: https://simonwillison.net/2023/Dec/15/writercom-indirect-prompt-injection/