all AI news
AWS Fixes Data Exfiltration Attack Angle in Amazon Q for Business
Simon Willison's Weblog simonwillison.net
AWS Fixes Data Exfiltration Attack Angle in Amazon Q for Business
An indirect prompt injection (where the AWS Q bot consumes malicious instructions) could result in Q outputting a markdown link to a malicious site that exfiltrated the previous chat history in a query string.
Amazon fixed it by preventing links from being output at all - apparently Microsoft 365 Chat uses the same mitigation.
ai amazon aws bot business chat chat history data for business generativeai history llms markdown prompt prompt injection promptinjection query security string