|
|
|
|
|
|
by tadfisher
145 days ago
|
|
|
The post itself is pretty comprehensive. I'm not sure they need to pinpoint the exact attack surface in the TLDR, but your version isn't exactly correct as they point out three mitigations and only one of them is a CSP policy for the API Log viewer. |
|
|
The post got me now instead wondering how to not make people shallowly dismiss perfectly fine articles for dumb reasons, like I almost did. It's not even that unclear what the attack is, in the article's its opening when I look at it now again, and I now went around their posts to see how PromptArmor generally does their writing because I got curious about the writing part...
I've seen in the past vulnerabilities that were way overblown but hyped up, so this made me notice how that armor has made me be skeptical whenever some article like this feels it combines marketing + vulnerability reporting.