Johann Rehberger – Experimental News Clipping Site

Simon Willison’s Weblog: The Summer of Johann: prompt injections as far as the eye can see

Aug 15, 2025

—

by

Source URL: https://simonwillison.net/2025/Aug/15/the-summer-of-johann/#atom-everything Source: Simon Willison’s Weblog Title: The Summer of Johann: prompt injections as far as the eye can see Feedly Summary: Independent AI researcher Johann Rehberger has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different…

Simon Willison’s Weblog: I really don’t like ChatGPT’s new memory feature

May 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/May/21/chatgpt-new-memory/#atom-everything Source: Simon Willison’s Weblog Title: I really don’t like ChatGPT’s new memory feature Feedly Summary: Last month ChatGPT got a major upgrade. As far as I can tell the closest to an official announcement was this tweet from @OpenAI: Starting today [April 10th 2025], memory in ChatGPT can now reference all of…

Simon Willison’s Weblog: ChatGPT Operator: Prompt Injection Exploits & Defenses

Feb 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Feb/17/chatgpt-operator-prompt-injection/ Source: Simon Willison’s Weblog Title: ChatGPT Operator: Prompt Injection Exploits & Defenses Feedly Summary: ChatGPT Operator: Prompt Injection Exploits & Defenses As expected, Johann Rehberger found some effective indirect prompt injection strategies against OpenAI’s new Operator browser automation agent. Operator tends to ask for confirmation before submitting any information in a form.…

Slashdot: New Hack Uses Prompt Injection To Corrupt Gemini’s Long-Term Memory

Feb 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/02/12/0011205/new-hack-uses-prompt-injection-to-corrupt-geminis-long-term-memory?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: New Hack Uses Prompt Injection To Corrupt Gemini’s Long-Term Memory Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a newly demonstrated attack by researcher Johann Rehberger that compromises Google’s Gemini chatbot by manipulating its long-term memory functionality through untrusted document summarization. The attack bypasses existing prompt…

Simon Willison’s Weblog: ChatGPT Operator system prompt

Jan 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Jan/26/chatgpt-operator-system-prompt/#atom-everything Source: Simon Willison’s Weblog Title: ChatGPT Operator system prompt Feedly Summary: ChatGPT Operator system prompt Johann Rehberger snagged a copy of the ChatGPT Operator system prompt. As usual, the system prompt doubles as better written documentation than any of the official sources. It asks users for confirmation a lot: ## Confirmations Ask…

Simon Willison’s Weblog: Quoting Johann Rehberger

Dec 17, 2024

—

by

system automation

in Uncategorized

Source URL: https://simonwillison.net/2024/Dec/17/johann-rehberger/ Source: Simon Willison’s Weblog Title: Quoting Johann Rehberger Feedly Summary: Happy to share that Anthropic fixed a data leakage issue in the iOS app of Claude that I responsibly disclosed. 🙌 👉 Image URL rendering as avenue to leak data in LLM apps often exists in mobile apps as well — typically…

Simon Willison’s Weblog: Security ProbLLMs in xAI’s Grok: A Deep Dive

Dec 17, 2024

—

by

system automation

in Uncategorized

Source URL: https://simonwillison.net/2024/Dec/16/security-probllms-in-xais-grok/#atom-everything Source: Simon Willison’s Weblog Title: Security ProbLLMs in xAI’s Grok: A Deep Dive Feedly Summary: Security ProbLLMs in xAI’s Grok: A Deep Dive Adding xAI to the growing list of AI labs that shipped feature vulnerable to data exfiltration prompt injection attacks, but with the unfortunate addendum that they don’t seem to…

Simon Willison’s Weblog: ZombAIs: From Prompt Injection to C2 with Claude Computer Use

Oct 25, 2024

—

by

system automation

in Uncategorized

Source URL: https://simonwillison.net/2024/Oct/25/zombais/ Source: Simon Willison’s Weblog Title: ZombAIs: From Prompt Injection to C2 with Claude Computer Use Feedly Summary: ZombAIs: From Prompt Injection to C2 with Claude Computer Use In news that should surprise nobody who has been paying attention, Johann Rehberger has demonstrated a prompt injection attack against the new Claude Computer Use…

Tag: Johann Rehberger