This is fun. Google Gemini’s “Summarize email” function is vulnerable to invisible prompt injection utilized to deceive users, including with fake security alerts.

#infosec #cybersecurity #blueteam

https://0din.ai/blog/phishing-for-gemini

I continue to maintain that Apple’s slower march to AI puts them in a better place than the rest of the platforms rushing to create new user exposure for bad actors to exploit.

SANITIZE YOUR INPUTS.

Everyone rushing to LLM-ify everything forgot every lesson about input sanitization.

smdh.

@neurovagrant I mean the problem is it’s fundamentally impossible to sanitize LLM input because there are no clearly delineated rules for what does and doesn’t have special significance to the LLM. It’s not like HTML where you filter a few special characters and Bob’s your uncle
@neurovagrant (yes yes, correctly sanitizing HTML is surprisingly tricky and folks fuck it up regularly. compared to sanitizing LLM input, it’s easy!)
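An added example, not code from 0din, Google, or anyone in this thread, illustrating both points above: the one thing a pre-summarization check can do reliably is flag text that a human reader of the email would never see (the "invisible" part of the injection), while it cannot tell whether any text, visible or not, contains instructions the model will follow. The scanner below walks an HTML email body with Python's standard-library parser and reports text runs hidden by common CSS tricks plus zero-width characters. The list of "hidden" styles, the assumption that the mail client renders on a white background, and the sample email are all constructed for this example.

```python
import re
from html.parser import HTMLParser

# Zero-width code points: invisible when rendered, but present in the text an LLM receives.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}

# CSS that makes text invisible to a human reader. Assumptions for this example:
# the client renders inline styles and the background is white (so #fff text vanishes).
HIDDEN_STYLE_PATTERNS = [
    re.compile(r"display\s*:\s*none", re.I),
    re.compile(r"visibility\s*:\s*hidden", re.I),
    re.compile(r"font-size\s*:\s*0(?:px|pt|em|%)?(?![\d.])", re.I),
    re.compile(r"opacity\s*:\s*0(?:\.0+)?(?![\d.])", re.I),
    re.compile(r"(?<![\w-])color\s*:\s*(?:#fff(?:fff)?|white)\b", re.I),
]

# Elements that never get a closing tag; they must not push onto the hidden-state stack.
VOID_ELEMENTS = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col", "wbr"}


class HiddenTextFinder(HTMLParser):
    """Separate text a reader would see from text only a machine would read."""

    def __init__(self):
        super().__init__()
        self.hidden_stack = []   # one bool per open element: is this subtree hidden?
        self.hidden_runs = []    # text runs inside a hidden subtree
        self.visible_runs = []   # text runs a reader would actually see
        self.zero_width_count = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_ELEMENTS:
            return
        attr_map = dict(attrs)
        style = attr_map.get("style") or ""
        parent_hidden = self.hidden_stack[-1] if self.hidden_stack else False
        hidden = (
            parent_hidden
            or "hidden" in attr_map                       # the HTML `hidden` attribute
            or any(p.search(style) for p in HIDDEN_STYLE_PATTERNS)
        )
        self.hidden_stack.append(hidden)

    def handle_endtag(self, tag):
        if tag in VOID_ELEMENTS:
            return
        if self.hidden_stack:
            self.hidden_stack.pop()

    def handle_data(self, data):
        self.zero_width_count += sum(1 for ch in data if ch in ZERO_WIDTH)
        text = "".join(ch for ch in data if ch not in ZERO_WIDTH).strip()
        if not text:
            return
        if self.hidden_stack and self.hidden_stack[-1]:
            self.hidden_runs.append(text)
        else:
            self.visible_runs.append(text)


def scan_email_html(raw_html: str) -> dict:
    """Return what the reader sees, what only the model would see, and a flag."""
    parser = HiddenTextFinder()
    parser.feed(raw_html)
    parser.close()
    return {
        "visible": " ".join(parser.visible_runs),
        "hidden": parser.hidden_runs,
        "zero_width_chars": parser.zero_width_count,
        "suspicious": bool(parser.hidden_runs) or parser.zero_width_count > 0,
    }


# Constructed sample: one hidden div and one zero-width space inside otherwise normal mail.
SAMPLE_EMAIL = """
<html><body>
<p>Hi team, the Q3 report\u200b is attached.</p>
<div style="font-size:0px;color:#ffffff">This sentence is invisible in the mail client.</div>
<p>Thanks,<br>Alex</p>
</body></html>
"""

if __name__ == "__main__":
    result = scan_email_html(SAMPLE_EMAIL)
    print("reader sees :", result["visible"])
    print("hidden runs :", result["hidden"])
    print("zero-width  :", result["zero_width_chars"])
    print("suspicious  :", result["suspicious"])
```

A gateway in front of a summarizer can refuse or strip the hidden runs, or at least hand the model only the `visible` text so the two audiences read the same thing. That closes the invisibility trick but not the injection itself: a perfectly visible sentence can still carry instructions, and no character filter distinguishes it from ordinary prose, which is exactly the gap the reply above describes.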