Fun stuff from my teammates Rene Rehme @renereh1, Nina Piontek and @kantorkel:

"Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required."

https://srlabs.de/blog/hacking-ai-agent

https://infosec.exchange/@srlabs/116243968443532012

We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research

We strolled through an enterprise AI assistant's backend, helped ourselves to full application takeover and access to every chat log, and had a Microsoft Entra ID dump for dessert — no prompt injection, no model tricks, no AI expertise required.

SRLabs
@linuzifer @renereh1 @kantorkel django debug mode in owasp top 10 when?
@odr_k4tana @linuzifer @renereh1 @kantorkel Hopefully alongside the Spring Boot Actuator 🤪