“What we found is that these AI agents can do something that was previously very difficult: starting from free text (like an anonymized interview transcript) they can work their way to the full identity of a person,” Simon Lermen, a co-author of the paper, told Ars. “This is a pretty new capability; previous approaches on… Read More: LLMs can unmask pseudonymous users at scale with surprising accuracy »
On Thursday, Google announced that “commercially motivated” actors have attempted to clone knowledge from its Gemini AI chatbot by simply prompting it. One adversarial session reportedly prompted the model more than 100,000 times across various non-English languages, collecting responses ostensibly to train a cheaper copycat. Google published the findings in what amounts to a quarterly… Read More: Attackers prompted Gemini over 100,000 times while trying to clone… »
The project developer for one of the Internet’s most popular networking tools is scrapping its vulnerability reward program after being overrun by a spike in the submission of low-quality reports, much of it AI-generated slop. “We are just a small single open source project with a small number of active maintainers,” Daniel Stenberg, the founder… Read More: Overrun with AI slop, cURL scraps bug bounties to ensure… »
Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a URL. The hackers in this case were white-hat researchers from security firm Varonis. The net effect of their multistage attack was that they exfiltrated data, including the target’s… Read More: A single click mounted a covert, multistage attack against Copilot »
ShadowLeak starts where most attacks on LLMs do—with an indirect prompt injection. These prompts are tucked inside content such as documents and emails sent by untrusted people. They contain instructions to perform actions the user never asked for, and like a Jedi mind trick, they are tremendously effective in persuading the LLM to do things… Read More: New attack on ChatGPT research agent pilfers secrets from Gmail… »
“AkiraBot’s use of LLM-generated spam message content demonstrates the emerging challenges that AI poses to defending websites against spam attacks,” SentinelLabs researchers Alex Delamotte and Jim Walter wrote. “The easiest indicators to block are the rotating set of domains used to sell the Akira and ServiceWrap SEO offerings, as there is no longer a consistent… Read More: OpenAI helps spammers plaster 80,000 sites with messages that bypassed… »
The resulting dataset, which reflected a distribution of attack categories similar to the complete dataset, showed an attack success rate of 65 percent and 82 percent against Gemini 1.5 Flash and Gemini 1.0 Pro, respectively. By comparison, attack baseline success rates were 28 percent and 43 percent. Success rates for ablation, where only effects of… Read More: Gemini hackers can deliver more potent attacks with a helping… »
[embedded content] Google Gemini: Hacking Memories with Prompt Injection and Delayed Tool Invocation. Based on lessons learned previously, developers had already trained Gemini to resist indirect prompts instructing it to make changes to an account’s long-term memories without explicit directions from the user. By introducing a condition to the instruction that it be performed only… Read More: New hack uses prompt injection to corrupt Gemini’s long-term memory »
Anthropic, founded by former OpenAI executives Dario and Daniela Amodei in 2021, will continue using Google’s cloud services along with Amazon’s infrastructure. The UK Competition and Markets Authority reviewed Amazon’s partnership with Anthropic earlier this year and ultimately determined it did not have jurisdiction to investigate further, clearing the way for the partnership to continue.… Read More: Amazon pours another $4B into Anthropic, OpenAI’s biggest rival »
With the character block sitting unused, a later Unicode version planned to reuse the abandoned characters to represent countries. For instance, “us” or “jp” might represent the United States and Japan. These tags could then be appended to a generic 🏴flag emoji to automatically convert it to the official US🇺🇲 or Japanese🇯🇵 flags. That plan… Read More: Invisible text that AI chatbots understand and humans can’t? Yep,… »