Summary
Radware researchers discovered 'ZombieAgent,' a set of vulnerabilities in ChatGPT that use indirect prompt injection to steal data from connected enterprise apps and maintain persistence through memory modification. The attack bypasses URL restrictions and can spread autonomously by harvesting email contacts from a victim's inbox.
Take Action:
Another example of the inherent vulnerability of AI technology. Vendors of AI are racing to push out products with very limited controls and the users are at risk. Limit the data your AI agents can access by using the principle of least privilege for all app connectors. Turn off the 'Memory' feature if your team does not need the AI to remember details across different chat sessions to prevent persistent prompt injection. Limit the abilities of the Agents to not be able to impersonate you without enforced human review and decision.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)