GitHub Copilot Chat: From Prompt Injection to Data Exfiltration | allainews.com

s

June 16, 2024, 12:35 a.m. |

Simon Willison's Weblog simonwillison.net

GitHub Copilot Chat: From Prompt Injection to Data Exfiltration

Yet another example of the same vulnerability we see time and time again.

If you build an LLM-based chat interface that gets exposed to both private and untrusted data (in this case the code in VS Code that Copilot Chat can see) and your chat interface supports Markdown images, you have a data exfiltration prompt injection vulnerability.

The fix, applied by GitHub here, is to disable Markdown image references to untrusted …

ai build case chat code copilot copilot chat data data exfiltration example generativeai github github copilot chat llm llms markdown markdownexfiltration prompt prompt injection promptinjection security vs code vulnerability you

More from simonwillison.net / Simon Willison's Weblog

Si

llama.ttf 3 hours ago | simonwillison.net

action ai file fonts +15

Si

Quoting Andrew Ti 14 hours ago | simonwillison.net

ai andrew generativeai ones +6

Si

Quoting Shreya Shankar 1 day, 1 hour ago | simonwillison.net

ai found generativeai human +5

Si

Wikipedia Manual of Style: Linking 1 day, 5 hours ago | simonwillison.net

conversation grammar guide how to decide +7

Si

Datasette 0.64.8 1 day, 19 hours ago | simonwillison.net

code databases datasette issue +9

Si

Building search-based RAG using Claude, Datasette and Val.Town 1 day, 22 hours ago | simonwillison.net

ai annotatedtalks anthropic building +24

Si

Quoting Matt Levine 2 days, 13 hours ago | simonwillison.net

ai artificial artificial general intelligence build +11

Si

Val Vibes: Semantic search in Val Town 2 days, 17 hours ago | simonwillison.net

ai build building case +14

Si

Quoting Jeff Jarvis 2 days, 17 hours ago | simonwillison.net

ai ai training credible ethics +10

Senior Data Engineer

@ Displate | Warsaw

View on ai-jobs.net

Director of Data Science (f/m/x)

@ AUTO1 Group | Berlin, Germany

View on ai-jobs.net

Business Intelligence Analyst I [BI Analyst I]

@ Capitec Bank | Stellenbosch, Western Cape, ZA

View on ai-jobs.net

Data Governance Associate Director

@ Publicis Groupe | London, United Kingdom

View on ai-jobs.net

Technical Lead - Power BI

@ Birlasoft | INDIA - PUNE - BIRLASOFT OFFICE - HINJAWADI, IN

View on ai-jobs.net

Data Analyst

@ FirstRand Corporate Centre | 1 First Place, Cnr Simmonds & Pritchard Streets, Johannesburg, 2001

View on ai-jobs.net