Priyanshu Rai


Yet another human.

CS and security enthusiast.

If a user’s expectations about how a tool functions don’t match reality, you’ve got yourself a huge user experience and security problem.
Humans have built a schema around AI chat bots and do not expect their AI chat bot prompts to show up in a social media style Discover feed — it’s not how other tools function.
Because of this, users are inadvertently posting sensitive info to a public feed with their identity linked, including prompts with:
- exact medical issues
- federal crimes committed
- tax evasion
- home address
- interest in extramarital affairs
- sensitive court details
- private photos of unclothed children
- audio asking personal questions
- private upcoming travel plans
- questions about the legality of actions
- challenges in personal relationships
- feeling shame with disabilities

What do I recommend as next steps for Meta and other orgs considering a public AI chat bot prompt feed?
1. Pause the public Discover feed. Your users clearly don’t understand that their AI chat bot prompts have been made public.
2. Ensure all AI chat bot prompts are private by default. This goes for all future AI chat bots as well. Don’t wait for users to accidentally post their secrets publicly. Notice that humans interact with AI chatbots with an expectation of privacy, and meet them where they are at.
3. Alert users who have posted their prompts publicly and that their prompts have been removed for them from the feed to protect their privacy.

If I’m able to watch users inadvertently admitting to federal crimes and posting unclothed pictures of their children to the Meta AI Discover Prompt feed, they clearly don’t understand how it works!
Meta: Pause the product, bake in clear strong privacy, and help users fix their accidental prompt posts.
It’s time to make it right.

Here is a redacted user asking Meta AI about how to ask a judge to not sentence them to death for the murder of 2 people.
Clearly Meta users do not believe their Meta AI prompts are publicly available. This one is tied to the user’s identity with elements of their username which I’ve redacted.

If your family, friends, and coworkers aren’t aware that Meta AI chat bot prompts can be easily and accidentally posted to a social media-like feed, please inform them so they can keep their sensitive questions private.
Imagine if Google searches were surprisingly showing up on a new social media feed, this would devastate folks.

@rohini I've looked at some gazettes in the past and frequent the Internet Archive a lot, but couldn't connect the dots. This might make it easier to tag editions based on topics and events.
@rohini this is brilliant, was looking for something like this for a long time.
@Goooler how do you enable recents for Lawnchair (latest)? Previously I've tried QuickSwitch as well as manually changing the package name and installing it over the stock launcher. Signature verification is disabled using CorePatch. The recent Android 15 builds do not work with either of the two ways.
On Friday, we had a no read journal club (working on fast reading skills) - it's where the group picks random papers on astro-ph (the arxiv) and we go through reading them within 5-15 minutes (skim reading/reading abstracts, figuring out key points)
@megschwamb It feels so much fun!

Ever seen a single QR code that can lead you to two different URLs? 🤯

Christian Walther just demoed that. He merged two QR codes in such a way that each “pixel” can be interpreted as black or white, depending on angle, focus settings, or even plain luck. Same device, same scanner - yet sometimes you get https://mstdn.social/@isziaui, other times it’s https://github.com/cwalther.

While this is currently just a wicked proof-of-concept, it’s a red flag for possible future scams.

Check full thread: https://mstdn.social/@isziaui/113874436953157913

#socialengineering #threatintel #threatintelligence #programming

@MishaalRahman I use the cloudflare 1.1.1.1 warp

One of my favorite things to do is write books, specifically, books about Information Security. I've written a mixture of fiction and non-fiction titles over the years, that use a variety of techniques to teach folks about the industry.

You can find them wherever books are sold, and also Walmart for some reason!

Check out https://www.infosecdiaries.com/ to learn more about all of them.

#infosec #infosecreads #DFIR #BlueTeam #pentesting #DigitalForensics #cybersecurity

@BonehouseWasps @fesshole obviously things were crazy