Docker Fixes ‘Ask Gordon’ AI Flaw That Enabled Metadata-Based Attacks

Pillar Security has identified a critical indirect prompt injection vulnerability in Docker’s ‘Ask Gordon’ assistant. By poisoning metadata on Docker Hub, attackers could bypass security to exfiltrate private build logs and chat history. Discover how the “lethal trifecta” enabled this attack and why updating to Docker Desktop 4.50.0 is essential for developer security.

Cybersecurity researchers at Pillar Security, an AI software security firm, have found a way to trick Docker’s new AI agent, Ask Gordon, into stealing private information. The researchers discovered that the AI assistant could be manipulated through a method called indirect prompt injection.

This happens because the assistant has a “blind spot” in how it trusts information. As we know it, any AI tool becomes risky when it can access private data, read untrusted content from the web, and talk to external servers.

How Does It Work

Docker is a major platform used ...