LIVE · cybersecurity feed

prompt injection

zeroday.news · 1d ago·high

CrowdStrike Uncovers New Prompt Injection Techniques

CrowdStrike has identified and cataloged 18 new prompt injection techniques, expanding their taxonomy to over 200 distinct methods. These new techniques, including Trigger-Activated Rule Addition and Algorithmic Payload Decomposition, highlight the evolving sophistication of attacks against AI systems. The company emphasizes the need for enhanced AI threat modeling, red teaming, detection engineering, and runtime visibility to combat these emerging threats.

zeroday.news · 75d ago·medium

AI threats in the wild: The current state of prompt injections on the web

Researchers at Google have investigated the prevalence of indirect prompt injection attacks on the public web. These attacks involve embedding malicious instructions within content that AI systems process, potentially causing them to execute unintended commands. The investigation aimed to determine if threat actors are actively exploiting this vulnerability beyond theoretical discussions.

zeroday.news · 75d ago·medium

AI threats in the wild: The current state of prompt injections on the web

Google's Threat Intelligence teams have analyzed the prevalence of indirect prompt injection (IPI) attacks on the public web. Their research indicates that while sophisticated IPI attacks are not yet widespread, there is a growing trend of experimentation by threat actors. The observed attacks range from harmless pranks and SEO manipulation to more concerning attempts at data exfiltration and system destruction, though current implementations are often simplistic.

zeroday.news · 97d ago·medium

Google Workspace’s continuous approach to mitigating indirect prompt injections

Google is detailing its ongoing efforts to combat indirect prompt injection attacks against its Workspace AI features, like Gemini. This type of attack manipulates AI behavior by inserting malicious instructions into the data or tools the AI uses, potentially without direct user interaction. Google employs a continuous improvement strategy, utilizing both human and automated red-teaming exercises to discover and defend against emerging threats.