Experimental News Clipping Site

Tag: data leakage

  • Embrace The Red: Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/chatgpt-chat-history-data-exfiltration/ Source: Embrace The Red Title: Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection Feedly Summary: In this post we demonstrate how a bypass in OpenAI’s “safe URL” rendering feature allows ChatGPT to send personal information to a third-party server. This can be exploited by an adversary via a prompt injection…

  • Google Online Security Blog: Advancing Protection in Chrome on Android

    by

    Kurt Seifried
    in

    Source URL: https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html Source: Google Online Security Blog Title: Advancing Protection in Chrome on Android Feedly Summary: AI Summary and Description: Yes Summary: The text describes the integration of Google’s Advanced Protection Program into Android and Chrome, focusing on new security features aimed at safeguarding at-risk users, such as journalists and public figures. It highlights…

  • Embrace The Red: Security Advisory: Anthropic’s Slack MCP Server Vulnerable to Data Exfiltration

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/security-advisory-anthropic-slack-mcp-server-data-leakage/ Source: Embrace The Red Title: Security Advisory: Anthropic’s Slack MCP Server Vulnerable to Data Exfiltration Feedly Summary: This is a security advisory for a data leakage and exfiltration vulnerability in a popular, but now deprecated and unmaintained, Slack MCP Server from Anthropic. If you are using this MCP server, or run an…

  • The Register: Asana’s cutting-edge AI feature ran into a little data leakage problem

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/06/18/asana_mcp_server_bug/ Source: The Register Title: Asana’s cutting-edge AI feature ran into a little data leakage problem Feedly Summary: New MCP server was shut down for nearly two weeks Asana has fixed a bug in its Model Context Protocol (MCP) server that could have allowed users to view other organizations’ data, and the experimental…

  • Slashdot: How Do Olympiad Medalists Judge LLMs in Competitive Programming?

    by

    Kurt Seifried
    in

    Source URL: https://slashdot.org/story/25/06/17/149238/how-do-olympiad-medalists-judge-llms-in-competitive-programming?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: How Do Olympiad Medalists Judge LLMs in Competitive Programming? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a newly established benchmark demonstrating that large language models (LLMs) are not yet capable of outperforming elite human coders, particularly in problem-solving contexts. The findings indicate limitations in the…

  • Simon Willison’s Weblog: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/May/23/remote-prompt-injection-in-gitlab-duo/ Source: Simon Willison’s Weblog Title: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft Feedly Summary: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft Yet another example of the classic Markdown image exfiltration attack, this time affecting GitLab Duo – GitLab’s chatbot. Omer Mayraz reports on how…

  • Wired: WhatsApp Is Walking a Tightrope Between AI Features and Privacy

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/whatsapp-private-processing-generative-ai-security-risks/ Source: Wired Title: WhatsApp Is Walking a Tightrope Between AI Features and Privacy Feedly Summary: WhatsApp’s AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks. AI Summary and Description: Yes Summary: The…

  • CSA: AI Red Teaming: Insights from the Front Lines

    by

    Kurt Seifried
    in

    Source URL: https://www.troj.ai/blog/ai-red-teaming-insights-from-the-front-lines-of-genai-security Source: CSA Title: AI Red Teaming: Insights from the Front Lines Feedly Summary: AI Summary and Description: Yes Summary: The text emphasizes the critical role of AI red teaming in securing AI systems and mitigating unique risks associated with generative AI. It highlights that traditional security measures are inadequate due to the…

  • Cloud Blog: Google Agentspace achieves FedRamp High authorization

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/topics/public-sector/google-agentspace-achieves-fedramp-high-authorization/ Source: Cloud Blog Title: Google Agentspace achieves FedRamp High authorization Feedly Summary: We’re excited to announce that Google Agentspace is now authorized for FedRAMP High, bringing Google’s powerful search technology and agentic capabilities to the enterprise. Agentspace is available within Google Cloud’s Assured Workloads, expanding our AI portfolio for public sector organizations…

  • Slashdot: China Bans Compulsory Facial Recognition and Its Use in Private Spaces Like Hotel Rooms

    by

    Kurt Seifried
    in

    Source URL: https://yro.slashdot.org/story/25/03/24/1616232/china-bans-compulsory-facial-recognition-and-its-use-in-private-spaces-like-hotel-rooms?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: China Bans Compulsory Facial Recognition and Its Use in Private Spaces Like Hotel Rooms Feedly Summary: AI Summary and Description: Yes Summary: China has implemented stringent regulations governing the use of facial recognition technology, emphasizing the requirement of consent from individuals and the necessity of conducting impact assessments regarding…