The dangerous “ForcedLeak” flaw in Salesforce’s Agentforce platform has been addressed with a patch, plugging a hole that made it possible for attackers to exfiltrate sensitive data via a prompt injection.
The “Man In The Prompt” prompt injection attacks consist of two proof-of-concept hacks that compromise ChatGPT and Google Gemini. Nearly all of the major LLM models are similarly vulnerable, however, and may be plugged into a broad assortment of data that attackers could trivially steal without being detected.
All of the big LLMs are vulnerable to a new type of prompt injection attack that targets their safety policies, according to security firm HiddenLayer. The attack essentially fully jailbreaks the AI models, exposing the system prompt as well as enabling all different types of dangerous requests.