‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT
securityweek
ChatGPT vulnerabilities could be exploited to exfiltrate user data and modify the agent’s long-term memory for persistence, web security firm Radware reports.
Widely adopted across enterprises worldwide, ChatGPT has broad access to internal applications, such as Gmail, GitHub, Jira, and Teams, and by default stores user conversations and sensitive information.
It also includes built-in functionality to browse the web, analyze files, and more, making it convenient and powerful, but also expanding the risks associated with its malicious use.
On Thursday, Radware disclosed a new indirect prompt injection technique that exploits ChatGPT vulnerabilities to exfiltrate user data and turn the AI agent into a persistent spy tool for attackers.
Called ZombieAgent, the attack relies on malicious emails and files to bypass OpenAI’s protections and exfiltrate data from the victim’s inbox and email address book, without user interaction.
In the first scenario detailed by Radware, the attacker exfiltrates sensitive ...
Copyright of this story solely belongs to SecurityWeek.