Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Security researchers used Chatgpt as a participant continuity to loot sensitive data from Gmail boxes without alerting users. The exploited security vulnerability is closed by Openai, but it is a good example of the new risks inherent to the artificial intelligence agent.
theft , It is called shade leakage and The security company Radware was published this weekDepending on Quirk on how artificial intelligence agents work. Artificial intelligence agents are assistants who can act on your behalf without continuous supervision, which means that they can browse the web and click on the links. Artificial intelligence companies operate them as a large son -in -law after users are allowed to reach personal emails, calendars, work documents, etc.
Radware researchers exploited this assistance through a form of attack called fast injection, as the instructions that make the agent work effectively to work for the attacker. It is impossible to prevent strong tools without prior knowledge of the exploitation Feedback counterfeit counterpartsand Implementing fraud operationsAnd Control a smart house. Users are often not fully aware, a mistake has occurred as instructions can be hidden in the sight of humans (for man), for example as a white text on a white background.
The double agent in this case was Openai’s Deep Research, an Amnesty International tool included in Chatgpt that was launched earlier this year. Radware researchers planted a quick injection in an email sent to the Gmail box, which the agent was able to reach. There, wait.
When the following user tries to use deep research, it will unintentionally spread the trap. The agent will face hidden instructions, which cost her to search for emails for human resources and personal details and smuggle them to infiltrators. The victim is still wise.
Getting an agent to go to the rogue – in addition to successfully managing the data that is not discovered, which companies can take steps to prevent – not an easy task and there was not much experience and error. The researchers said: “This process was a group of failed attempts, love barriers, and finally, penetration.”
Unlike most fast injections, the researchers said that Shadow is a leakage implemented on the cloud infrastructure in Openai and the data leaks directly from there. This makes it invisible for standard electronic defenses.
RadWare said that the study was an evidence of the concept and warned that other applications associated with deep research-including Outlook, GitHub, Google Drive, and Dropbox-may be vulnerable to similar attacks. They said: “The same technology can be applied to these additional conductors to get rid of sensitive intense business data such as contracts, customer notes or records.”
The researchers said that Openai has now connected the weakness that was marked with Radware in June.