| Blog | https://embracethered.com |
π₯ New blog post: AI ClickFix!
Explores how classic ClickFix social engineering attacks can target AI agents, like Claude Computer-Use.
Learn what ClickFix is, how it works in detail, and see a working proof-of-concept. Scary stuff. π
https://embracethered.com/blog/posts/2025/ai-clickfix-ttp-claude/
π₯ SpAIware & More: Advanced Prompt Injection Exploits in LLM Applications π₯
π Black Hat posted my talk to YouTube - Enjoy!πΏπ
A wild journey of exploits, peaking in compromising ChatGPT's long term memory for continuous remote command and control! π±
Some LLM vendors fixed this at the API level, but not all.
This leaves the responsibility to know about this attack vector and mitigate it with developers & testers.
AI Application Security is a thing!
Trust No AI
So, we humans don't see these Unicode Tags, but many LLMs do.
And LLMs not only see them, they follow the hidden instructions! β οΈ
Here the actual post that Ask Perplexity made.
It's a common vulnerability in AI applications & agents.
Many "summarize this email" or "summarize this document", "do sentiment analysis" features are vulnerable to this
What happened there? π§
π The original post with the question contains hidden Unicode Tag code points.
Unicode Tags mirror ASCII, but are invisible in UI elements. π
AI Application Security Vulnerabilities π¨βπ»
Learn the hacks, stop the attacks!
Perplexity Demo Time! πΏ
Check out my latest blog post called Terminal DiLLMa π₯
Learn the dangers of printing LLM output to the terminal console or log files!
Includes some neat demos and also how to fix your LLM powered CLI apps!
#pentest #bugbounty #ai #ml #redteam
https://embracethered.com/blog/posts/2024/terminal-dillmas-prompt-injection-ansi-sequences/
DeepSeek AI: From Prompt Injection to Account Takeover π₯
Found this fun big, disclosed it and it's now fixed.
