Simon Willison
Here's the first proof of concept I've seen of a prompt injection attack against ChatGPT Plugins - the successful attack uses Zapier to access the user's email and then exfiltrates the data using WebPilot https://simonwillison.net/2023/May/19/chatgpt-prompt-injection/
Let ChatGPT visit a website and have your email stolen

Johann Rehberger provides a screenshot of the first working proof of concept I've seen of a prompt injection attack against ChatGPT Plugins that demonstrates exfiltration of private data. He uses …

May 19, 2023 at 3:50pmWeb
Show threadDavid CarrollMay 19, 2023

@simon @glynmoody

Apparently the industry did not learn a valuable lesson from the Cambridge Analytica scandal.

Show threadGlyn MoodyMay 19, 2023
@profcarroll it didn't want to, did it...? @simon
Show threadFlorian IdelbergerMay 19, 2023
@simon the next new thing ‘copy this into your chatgpt to do xyz… ‘
Show threadAbramMay 19, 2023
@simon A whole new world of attack vectors. Is there any way to structurally protect against this?
Show threadSimon WillisonMay 19, 2023
@AbramJackson not yet, which is really frustrating - I've wrote a bunch about that here: https://simonwillison.net/series/prompt-injection/
Simon Willison: Prompt injection

Simon Willison’s Weblog