|
|
|
|
|
|
by sarelta
153 days ago
|
|
|
The attacker isn't the dev -- the attacker is a third party that poisoned the online data that is ingested by the AI tool. - Dev builds secure AI app
- App defends against indirect prompt injection in data from the internet
- Dev reviews the flagged log
- Log affected by the injection is rendered, and the attacker who wrote the injection in the web data exfiltrates the data from the AI app user |
|
|
The OSINT data seems to be the most likely source of the poisoned content. I guess you could bury that in a social media profile?