| ▲ | rwmj 3 hours ago | |||||||||||||||||||||||||||||||
Can they do anything about it? It's a fundamental flaw in how data is fed to LLMs. I'm getting PHP / SQL injection flashbacks. | ||||||||||||||||||||||||||||||||
| ▲ | zahlman 2 hours ago | parent | next [-] | |||||||||||||||||||||||||||||||
The described attack sounds like it's expecting the human to forget about having just clicked a UI element asking for a comment summary, and responding to a comment summary that tries to sound like an "important message from YouTube" as if it were actually such. It doesn't seem to involve the LLM actually having any agency to, for example, send an email to the creator. Mitigations would include ensuring it doesn't have that agency, and adding framing text to the reply, and perhaps disabling Markdown formatting of the reply. But also, the leak is being talked up quite a bit: > Private video titles aren't just metadata. They can reveal unreleased content, unannounced projects and sensitive personal material. Putting "sensitive personal material" in the title of a YouTube video upload and relying on YouTube to keep the video "private" seems like a terrible idea in the first place, and at best pointless. | ||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||
| ▲ | Terr_ 2 hours ago | parent | prev [-] | |||||||||||||||||||||||||||||||
Yep, and worse because the entire product relies on injection to operate, because everybody's excited about the "flexibility" of just telling it what your want. | ||||||||||||||||||||||||||||||||