[wunderwuzzi23]

Great to see this getting more traction.

Two things I wanted to add:

1) The image markdown data exfil was disclosed to OpenAI in April this year, but still no fix. It impacts all areas of ChatGPT (e.g. browsing, plugins, code interpreter - beta features) and now image analysis (a default feature). Other vendors have fixed this attack vector via stricter Content-Security-Policy (e.g Bing Chat) or not rendering image markdown.

2) Image based injection work across models, e.g. also applies to Bard and Bing Chat. There was a brief discussion on here in July about it (https://news.ycombinator.com/item?id=36718721) about a first demo.