Data exfiltration from Writer.com with indirect prompt injection
Simon Willison's Weblog simonwillison.net
This is a nasty one. Writer.com call themselves a "secure enterprise generative AI platform", offering collaborative generative AI writing assistance and question answering that can integrate with your company's private data.
If this sounds like a recipe for prompt injection vulnerabilities, it is.
Kai Greshake and PromptArmor found exactly that. They identified a classic data exfiltration hole: Writer can summarize documents fetched from the web, so they hid the following instruction in …