Tuesday, August 12, 2025

Revealing the Vulnerabilities of AI Tools in the “Man-in-the-Prompt” Browser Extension Attack

A newly identified threat, “Man-in-the-Prompt,” targets major generative AI tools such as ChatGPT and Google Gemini through browser extensions, enabling prompt injection attacks. Research from LayerX Security shows that both malicious and compromised extensions can manipulate the input fields of AI interfaces through the Document Object Model (DOM). This lets attackers insert hidden instructions, intercept user queries, and extract sensitive data without detection. With 99% of enterprise users having browser extensions, the risk is significant, especially for proprietary internal tools. Traditional security measures fail to detect this manipulation, necessitating immediate action. Organizations should audit extensions, enforce least-privilege permissions, and adopt advanced data loss prevention (DLP) solutions. The “Man-in-the-Prompt” vulnerability underscores the critical need for robust security in AI workflows and marks a shift in threat strategies as enterprises increasingly rely on generative AI technologies.
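One way to start the extension audit recommended above, as an added example that is not from the original article or from LayerX: it reads extension manifests and flags those whose declared match patterns cover an AI tool's pages. The host watch list and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: flag extensions whose manifest lets them script AI tool pages.
// AI_HOSTS is an assumed watch list; add internal AI tool hostnames as needed.
const AI_HOSTS = ["chatgpt.com", "gemini.google.com"];

// True when a Chrome match pattern (scheme://host/path) covers https://<host>/.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false; // API permission name ("storage") or non-https scheme
  const h = m[2];
  if (h === "*") return true;
  if (h.startsWith("*.")) {
    const base = h.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return h === host;
}

// Gather every manifest field that can grant page (DOM) access and test it.
function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  const patterns = [
    ...perms,                                       // MV2 mixes hosts with API names
    ...(manifest.host_permissions || []),           // MV3
    ...(manifest.optional_host_permissions || []),  // MV3, grantable at runtime
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  const hits = {};
  for (const host of AI_HOSTS) {
    const matched = [...new Set(patterns.filter((p) => patternCoversHost(p, host)))];
    if (matched.length) hits[host] = matched;
  }
  // activeTab grants temporary access to whatever page the user invokes it on.
  return { name: manifest.name, flagged: Object.keys(hits).length > 0,
           activeTab: perms.includes("activeTab"), hits };
}

// Constructed sample manifests (not real extensions).
const SAMPLE_MANIFESTS = [
  { name: "tab-colorizer", manifest_version: 3, permissions: ["storage"],
    content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }] },
  { name: "docs-helper", manifest_version: 3, permissions: ["activeTab"],
    host_permissions: ["https://docs.example.com/*"] },
  { name: "google-tools", manifest_version: 2,
    permissions: ["tabs", "https://*.google.com/*"] },
];

console.log(JSON.stringify(SAMPLE_MANIFESTS.map(auditManifest), null, 2));
```

Flagged entries are candidates for removal or for narrowing to the specific origins the extension actually needs; an `activeTab` entry is not flagged by pattern but still warrants review.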
