Techly NewsGet the app

Get the latest tech news

Data Exfiltration from Slack AI via indirect prompt injection


Authors: PromptArmor

This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. After August 14th, Slack also ingests uploaded documents, Google Drive files, etc which increases the risk surface area as we’ll address in section 3. If a user downloads a PDF that has one of these malicious instructions (e.g. hidden in white text) and subsequently uploads it to Slack, the same downstream effects of the attack chain can be achieved.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of data

data

Photo of Slack AI

Slack AI

Photo of attackers

attackers

Related news:

News photo

The Feds Are Skirting the 4th Amendment by Buying Data from Tech Companies

News photo

Reliant’s paper-scouring AI takes on science’s data drudgery

News photo

Dasel: Select, put and delete data from JSON, TOML, YAML, XML and CSV

« Microsoft launches unified Teams app for personal, work accounts
Atari Announces the 7800 Plus Console Coming This Winter »