Stories by kerng

Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration

Hosting COM Servers with an MCP Server (AI-Powered Office Automation)

AI ClickFix: Hijacking Computer-Use Agents

ChatGPT: Dump all your memories and chat history for inspection

Latest Gemini models now follow invisible Unicode Tag instructions

Sneaky Bits: Advanced Data Smuggling using just two invisible Unicode characters

ChatGPT Operator: Prompt Injection Exploits and Defenses

Security ProbLLMs in XAI's Grok: A Deep Dive

How to Find XSS in 2024

Spyware Injection into ChatGPT's Long-Term Memory (SpAIware)

Microsoft Copilot: Prompt Injection, ASCII Smuggling and Exfiltration of Emails

Google Colab AI: Data Leakage Fixed. Some Risks Remain

Breaking Instruction Hierarchy in OpenAI's GPT-4o-mini

Prompt Injections in the Wild – Exploiting LLM Agents – Hitcon 2023 [video]

GitHub Copilot: From Prompt Injection to Data Exfiltration

Automatic Tool Invocation When Browsing with ChatGPT – Threats and Mitigations

Bobby Tables but with LLMs – Google NotebookML Data Exfiltration

ASCII Smuggler: Crafting and Decoding Invisible Text Using Unicode Tags

Prompt Injection exploit in Google Bard leads to data exfiltration

Analyze an image with ChatGPT and have your chat history stolen

1
2
3
4
5
6
7
8
9
10