docs.google.com in a CSP can enable AI-based data exfiltration


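A prompt injection vulnerability in Superhuman AI exploited a CSP rule that allowed markdown images to be loaded from docs.google.com, letting an attacker exfiltrate the user's sensitive email data to the attacker's Google Form.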

Simon Willison’s Weblog

Superhuman AI Exfiltrates Emails (via) Classic prompt injection attack:

When asked to summarize the user’s recent mail, a prompt injection in an untrusted email manipulated Superhuman AI to submit content from dozens of other sensitive emails (including financial, legal, and medical information) in the user’s inbox to an attacker’s Google Form.

To Superhuman's credit they treated this as the high priority incident it is and issued a fix.

The root cause was a CSP rule that allowed markdown images to be loaded from docs.google.com - it turns out Google Forms on that domain will persist data fed to them via a GET request!
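An audit for the root cause described above, as an added example that is not from the original post or from Superhuman: it parses a CSP header and reports every image source that permits a host known to store data sent in a GET request. The function names and the sink list are assumptions of this example; only docs.google.com comes from the write-up.

```javascript
// Hosts that persist data sent via GET. Only docs.google.com comes from the
// write-up; extend this list from your own review (assumption of this example).
const DATA_SINK_HOSTS = ["docs.google.com"];

// Parse a CSP header value into Map<directive, sources[]>.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers: the first one wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// Does one CSP source expression permit https://<host>/... ?
// Ports and paths are ignored, so the audit errs toward flagging.
function sourceAllowsHost(source, host) {
  const s = source.toLowerCase();
  if (s === "*" || s === "https:" || s === "http:") return true;
  if (s.startsWith("'")) return false; // 'self', 'none', nonces, hashes
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return false; // data:, blob:, ...
  const hostPart = s.replace(/^[a-z][a-z0-9+.-]*:\/\//, "")
    .split("/")[0].split(":")[0];
  // "*.google.com" covers subdomains only, not google.com itself.
  if (hostPart.startsWith("*.")) return host.endsWith(hostPart.slice(1));
  return hostPart === host;
}

// Report which sink hosts an <img> (including a rendered markdown image)
// could reach under this policy. Images fall back to default-src.
function auditImgSrc(header, sinks = DATA_SINK_HOSTS) {
  const policy = parseCsp(header);
  const directive = policy.has("img-src") ? "img-src" : "default-src";
  const sources = policy.get(directive);
  // Neither directive present: images may load from anywhere.
  if (!sources) return sinks.map((host) => ({ host, directive: null, source: null }));
  const findings = [];
  for (const host of sinks) {
    const source = sources.find((src) => sourceAllowsHost(src, host));
    if (source) findings.push({ host, directive, source });
  }
  return findings;
}
```

An empty result only means the listed sink hosts are unreachable; any other allowed image host that records request URLs is an equivalent channel.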
