Cybersecurity firm Trail of Bits has unveiled a novel indirect prompt injection vulnerability that leverages image scaling and affects major AI systems, including Google's Gemini and Vertex AI. The attack exploits the AI's preprocessing step: downscaling an image reveals a hidden malicious prompt, which leads the model to execute unauthorized commands such as exfiltrating sensitive data. The technique is difficult to detect, particularly in command-line interfaces, and highlights a significant security concern for enterprises that use AI tools, which can be covertly manipulated in this way.
Cybersecurity firm Trail of Bits has identified a significant vulnerability in major AI systems, including Google's Gemini and Vertex AI, through a novel indirect prompt injection attack. The method exploits the common preprocessing step of image downscaling: a malicious command that is invisible in the high-resolution original is revealed by resizing and then executed by the AI model. The demonstration of this attack successfully exfiltrating sensitive calendar data highlights a material risk for enterprise users, who are increasingly integrating these AI tools into core operations. The vulnerability's stealthy nature, especially within command-line interfaces where the user never sees the altered image, exacerbates the threat. This finding, reflected in the strongly negative sentiment score (-0.7) for Alphabet (GOOGL), introduces a new security headwind for the company's critical AI product suite and reinforces the broader theme that securing AI models is a paramount and ongoing challenge for the industry.
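The summaries above describe a prompt that only becomes visible after the pipeline downscales the image, in interfaces where the user never sees the downscaled result. The following is an added example, written for this page and not code from Trail of Bits or Google, of one defensive triage heuristic: content crafted for a particular resampling kernel tends to diverge sharply between kernels, so comparing two downscaled views of the same image flags inputs that deserve a human preview of what the model actually receives. It is pure Python; the greyscale sample images, the scale factor and the threshold are constructed assumptions.

```python
# Added example (not from the Trail of Bits report): a triage check for images
# whose model-visible content depends on the downscaling kernel. Greyscale
# images are plain lists of rows holding values in [0, 255]; the sample inputs
# below are constructed for the demonstration.

def downscale_nearest(img, factor):
    """Keep the top-left pixel of each factor x factor block (subsampling)."""
    h, w = len(img), len(img[0])
    return [row[: w - w % factor : factor] for row in img[: h - h % factor : factor]]

def downscale_box(img, factor):
    """Average each factor x factor block (box / area filtering)."""
    h, w = len(img), len(img[0])
    out = []
    for y in range(0, h - h % factor, factor):
        row = []
        for x in range(0, w - w % factor, factor):
            block = [img[y + dy][x + dx] for dy in range(factor) for dx in range(factor)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out

def kernel_divergence(img, factor):
    """Mean absolute pixel difference (0..255) between the two downscaled views."""
    a = downscale_nearest(img, factor)
    b = downscale_box(img, factor)
    diffs = [abs(pa - pb) for ra, rb in zip(a, b) for pa, pb in zip(ra, rb)]
    return sum(diffs) / len(diffs)

def is_resample_sensitive(img, factor, threshold=32.0):
    """True when the two kernels disagree strongly (threshold is an assumption);
    such an image warrants showing the user the downscaled view the model gets."""
    return kernel_divergence(img, factor) > threshold

def smooth_gradient(size=16):
    """Constructed benign input: a horizontal ramp that looks alike under any kernel."""
    return [[int(255 * x / (size - 1)) for x in range(size)] for _ in range(size)]

def fine_checkerboard(size=16):
    """Constructed kernel-sensitive input: alternating pixels, so subsampling
    keeps only one colour while box filtering averages both to mid-grey."""
    return [[255 if (x + y) % 2 == 0 else 0 for x in range(size)] for y in range(size)]

if __name__ == "__main__":
    for name, img in (("gradient", smooth_gradient()), ("checkerboard", fine_checkerboard())):
        print(name, round(kernel_divergence(img, 2), 1), is_resample_sensitive(img, 2))
```

A real pipeline should run the same check with the exact kernel and target size its model uses; the divergence is a triage signal, not proof of an injected prompt.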
Overall Sentiment: strongly negative
Sentiment Score: -0.70