Bing Chat может извлекать личную информацию с помощью «косвенной инъекции подсказки»

[SKARDA]

Bing Chat может извлекать личную информацию через сайт с помощью нового класса уязвимостей «косвенная инъекция подсказки». Подробнее здесь - статья
Больше о новом векторе атаки в этом гитхаб - тут

 

[VarneyGreengrass]

Bing Chat can extract personal information through the site using a new class of vulnerabilities called "indirect hint injection". Read more here - the article. More about the new attack vector in this github here.

"Large Language Models (LLM) have made amazing progress in recent years. Most recently, they have demonstrated to answer natural language questions at a surprising performance level. In addition, by clever prompting, these models can change their behavior. In this way, these models blur the line between data and instruction. From "traditional" cybersecurity, we know that this is a problem. The importance of security boundaries between trusted and untrusted inputs for LLMs was underestimated. We show that Prompt Injection is a serious security threat that needs to be addressed as models are deployed to new use-cases and interface with more systems."

"If allowed by the user, Bing Chat can see currently open websites. We show that an attacker can plant an injection in a website the user is visiting, which silently turns Bing Chat into a Social Engineer who seeks out and exfiltrates personal information. The user doesn't have to ask about the website or do anything except interact with Bing Chat while the website is opened in the browser."

We can never have nice things... or trust Microsoft.

Online AI platforms are the cloud. Never trust an unknowable swirling cloud of strange computers (*looks at Tor with high suspicion*).

Local LLMs all the way. GPT4All on a local machine running any number of publicly released models is a much better option for anyone who cares the slightest bit about privacy and can afford even a used 4-year old RTX series card.

Maybe at some point here we will get a good new community-moderated web index that can be run offline.