This talk explores advanced prompt injection exploits targeting widely used LLM applications, including Microsoft Copilot, Google Gemini, Google NotebookLM, Apple Intelligence, GitHub Copilot Chat, Anthropic Claude and others. Using real-world demonstrations, we will discuss the following threats in detail: - Misinformation, Phishing, and Scams: Including advanced techniques such as conditional instructions. - Automatic Tool Invocation: Exploiting tool integration to escalate privileges, extract sensitive data, or modify system configurations - Data Exfiltration: Leveraging strategies, such as markdown and hidden payloads, to bypass security controls and leak data. - SpAIware and Persistence: Manipulating LLM memory for long-term control and persistence. - ASCII Smuggling: How LLMs can hide secrets and craft hidden text invisible to users. For each threat category, we will discuss mitigations and show how vendors are addressing these vulnerabilities. By: Johann Rehberger | Security Researcher | Red Team Director, embracethered.com Full Abstract and Presentation Materials: Johann Rehberger | Security Researcher | Red Team Director, embracethered.com
source https://www.youtube.com/watch?v=84NVG1c5LRI
-
Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea – Threat Actors, Tactics, and Defense Strategies S...
-
Germany recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scho...
No comments:
Post a Comment