simonw 9 hours ago

Yeah, gotta admit I'm a bit disappointed here. This was a run-of-the-mill SQL injection, albeit one discovered by a vulnerability scanning LLM agent. I thought we might finally have a high profile prompt injection attack against a name-brand company we could point people to.
jfkimmes 8 hours ago

Not the same league as McKinsey, but I like to point to this presentation to show the effects of a (vibe coded) prompt injection vulnerability: https://media.ccc.de/v/39c3-skynet-starter-kit-from-embodied...

> [...] we also exploit the embodied AI agent in the robots, performing prompt injection and achieve root-level remote code execution.
TheDong 8 hours ago

GitHub Actions has had a bunch of high-profile prompt injection attacks at this point, most recently the Cline one: https://adnanthekhan.com/posts/clinejection/

I guess you could argue that GitHub wasn't vulnerable in this case, but rather the author of the action, but it seems like it at least rhymes with what you're looking for.
danenania 8 hours ago

> I thought we might finally have a high profile prompt injection attack against a name-brand company we could point people to.

These folks have found a bunch: https://www.promptarmor.com/resources

But I guess you mean one that has been exploited in the wild?