prompt-injection – Experimental News Clipping Site

Simon Willison’s Weblog: CaMeL offers a promising new direction for mitigating prompt injection attacks

Apr 11, 2025

—

by

Source URL: https://simonwillison.net/2025/Apr/11/camel/#atom-everything Source: Simon Willison’s Weblog Title: CaMeL offers a promising new direction for mitigating prompt injection attacks Feedly Summary: In the two and a half years that we’ve been talking about prompt injection attacks I’ve seen alarmingly little progress towards a robust solution. The new paper Defeating Prompt Injections by Design from Google…

Simon Willison’s Weblog: Model Context Protocol has prompt injection security problems

Apr 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/#atom-everything Source: Simon Willison’s Weblog Title: Model Context Protocol has prompt injection security problems Feedly Summary: As more people start hacking around with implementations of MCP (the Model Context Protocol, a new standard for making tools available to LLM-powered systems) the security implications of tools built on that protocol are starting to come…

Simon Willison’s Weblog: New audio models from OpenAI, but how much can we rely on them?

Mar 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Mar/20/new-openai-audio-models/#atom-everything Source: Simon Willison’s Weblog Title: New audio models from OpenAI, but how much can we rely on them? Feedly Summary: OpenAI announced several new audio-related API features today, for both text-to-speech and speech-to-text. They’re very promising new models, but they appear to suffer from the ever-present risk of accidental (or malicious) instruction…

Simon Willison’s Weblog: Apple Is Delaying the ‘More Personalized Siri’ Apple Intelligence Features

Mar 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Mar/8/delaying-personalized-siri/#atom-everything Source: Simon Willison’s Weblog Title: Apple Is Delaying the ‘More Personalized Siri’ Apple Intelligence Features Feedly Summary: Apple Is Delaying the ‘More Personalized Siri’ Apple Intelligence Features Apple told John Gruber (and other Apple press) this about the new “personalized" Siri: It’s going to take us longer than we thought to deliver…

Hacker News: Grok 3 is highly vulnerable to indirect prompt injection

Feb 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Feb/23/grok-3-indirect-prompt-injection/ Source: Hacker News Title: Grok 3 is highly vulnerable to indirect prompt injection Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights significant vulnerabilities in xAI’s Grok 3 related to indirect prompt injection attacks, especially in the context of its operation on Twitter (X). This raises critical security concerns…

Simon Willison’s Weblog: Grok 3 is highly vulnerable to indirect prompt injection

Feb 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Feb/23/grok-3-indirect-prompt-injection/#atom-everything Source: Simon Willison’s Weblog Title: Grok 3 is highly vulnerable to indirect prompt injection Feedly Summary: Grok 3 is highly vulnerable to indirect prompt injection xAI’s new Grok 3 is so far exclusively deployed on Twitter (aka “X"), and apparently uses its ability to search for relevant tweets as part of every…

Simon Willison’s Weblog: ChatGPT Operator: Prompt Injection Exploits & Defenses

Feb 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Feb/17/chatgpt-operator-prompt-injection/ Source: Simon Willison’s Weblog Title: ChatGPT Operator: Prompt Injection Exploits & Defenses Feedly Summary: ChatGPT Operator: Prompt Injection Exploits & Defenses As expected, Johann Rehberger found some effective indirect prompt injection strategies against OpenAI’s new Operator browser automation agent. Operator tends to ask for confirmation before submitting any information in a form.…

Embrace The Red: ChatGPT Operator: Prompt Injection Exploits & Defenses

Feb 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/ Source: Embrace The Red Title: ChatGPT Operator: Prompt Injection Exploits & Defenses Feedly Summary: ChatGPT Operator is a research preview agent from OpenAI that lets ChatGPT use a web browser. It uses vision and reasoning abilities to complete tasks like researching topics, booking travel, ordering groceries, or as this post will show,…

Slashdot: New Hack Uses Prompt Injection To Corrupt Gemini’s Long-Term Memory

Feb 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/02/12/0011205/new-hack-uses-prompt-injection-to-corrupt-geminis-long-term-memory?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: New Hack Uses Prompt Injection To Corrupt Gemini’s Long-Term Memory Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a newly demonstrated attack by researcher Johann Rehberger that compromises Google’s Gemini chatbot by manipulating its long-term memory functionality through untrusted document summarization. The attack bypasses existing prompt…

Embrace The Red: Hacking Gemini’s Memory with Prompt Injection and Delayed Tool Invocation

Feb 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/ Source: Embrace The Red Title: Hacking Gemini’s Memory with Prompt Injection and Delayed Tool Invocation Feedly Summary: Imagine your AI rewriting your personal history… A while ago Google added memories to Gemini. Memories allow Gemini to store user-related data across sessions, storing information in long-term memory. The feature is only available to…

Tag: prompt-injection