zahlman 2 hours ago
The described attack sounds like it's expecting the human to forget about having just clicked a UI element asking for a comment summary, and responding to a comment summary that tries to sound like an "important message from YouTube" as if it were actually such. It doesn't seem to involve the LLM actually having any agency to, for example, send an email to the creator. Mitigations would include ensuring it doesn't have that agency, and adding framing text to the reply, and perhaps disabling Markdown formatting of the reply. But also, the leak is being talked up quite a bit:

> Private video titles aren't just metadata. They can reveal unreleased content, unannounced projects and sensitive personal material.

Putting "sensitive personal material" in the title of a YouTube video upload and relying on YouTube to keep the video "private" seems like a terrible idea in the first place, and at best pointless.
pa7ch 11 minutes ago | parent | next
It's not hard to imagine this is a serious risk in some cases. For example: a YouTuber essentially working as a journalist made a big story recently about some illegal actions of a lying and litigious company (Bricks and Minifigs story). The YouTuber has a 3rd video ready for when his gag order drops; if that were to be released early, he could find himself in jail.
Terr_ 2 hours ago | parent | prev
That sounds a bit like "nobody would ever fall for a phishing email." I don't think we should overestimate the technical sophistication and unceasing vigilance of the average YouTube user. Even if it's just a non-clickable link to "more information", some data can be exfiltrated that way.
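The two mitigations zahlman lists (framing text on the reply, no Markdown rendering) and Terr_'s point that even a non-clickable link can carry data out both come down to how the summary is rendered. Below is an added example of that rendering step in Python; it is not code from the original thread or from YouTube. The `FRAMING` string, the `SAMPLE` summary (constructed to contain a platform-impersonating notice and two links) and the function names are all assumptions for illustration. Links, both `[text](target)` Markdown and bare URLs, are replaced with a placeholder and counted, so a summary that tries to smuggle data into a URL loses the URL entirely, and the HTML variant escapes everything instead of feeding it to a Markdown renderer.

```python
import html
import re

# Framing line prepended to every rendered summary so the reader can see the
# text below is machine-generated from viewer comments, not a platform notice.
# (Wording is an assumption for this example.)
FRAMING = "Automated summary of viewer comments. It is not a message from YouTube."

# Markdown link syntax: [visible text](target)
MD_LINK = re.compile(r"\[([^\]]*)\]\(([^)]*)\)")
# Bare URLs, which some UIs auto-link even when Markdown rendering is off
BARE_URL = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

LINK_PLACEHOLDER = "[link removed]"


def strip_links(text: str) -> tuple[str, int]:
    """Replace Markdown links and bare URLs with a placeholder.

    Returns (cleaned_text, number_of_links_removed). The count is useful as a
    detection signal: a comment summary normally has no reason to contain links.
    """
    count = 0

    def md_repl(m: re.Match) -> str:
        nonlocal count
        count += 1
        # Keep the visible text (the reader may need it), drop the target.
        return f"{m.group(1)} {LINK_PLACEHOLDER}".strip()

    text = MD_LINK.sub(md_repl, text)
    text, n = BARE_URL.subn(LINK_PLACEHOLDER, text)
    return text, count + n


def render_summary(summary: str) -> str:
    """Plain-text rendering: framing first, then the summary with links removed.
    No Markdown processing happens, so '*', '#' and '>' stay literal."""
    cleaned, _ = strip_links(summary)
    return f"{FRAMING}\n{cleaned}"


def render_summary_html(summary: str) -> str:
    """HTML rendering that bypasses any Markdown renderer entirely: the summary
    is HTML-escaped, so it cannot introduce tags, links or formatting."""
    cleaned, _ = strip_links(summary)
    return (
        f'<p class="summary-framing">{html.escape(FRAMING)}</p>\n'
        f'<p class="summary-body">{html.escape(cleaned)}</p>'
    )


# Constructed sample: a summary that an injected comment has steered into
# impersonating a platform notice and carrying two links.
SAMPLE = (
    "IMPORTANT MESSAGE FROM YOUTUBE: your channel is flagged. "
    "Review the notice at [this page](https://example.invalid/notice?ref=abc123) "
    "or visit www.example.invalid/help before replying."
)

if __name__ == "__main__":
    cleaned, n_links = strip_links(SAMPLE)
    print(f"links removed: {n_links}")
    print(render_summary(SAMPLE))
    print(render_summary_html(SAMPLE))
```

The link counter is the cheap detection hook: logging summaries where `n_links > 0` surfaces injection attempts without needing to understand the injected text. Note that this deliberately does nothing about the impersonating wording itself; the framing line is what tells the reader how to treat it.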