Latest in AI

Showing:prompt-injectionGeneralClear ×

🔥 Trending today

nvidia6 agentic-ai4 enterprise-ai4 microsoft-build3 rtx-spark3 security3 ai-agent3 fundraising3 ai-agents2 ai-assistant2

Topic

Release New Tool Tutorial Business Paper Benchmark Opinion Regulation

For

General Developers Designers Product Founders Marketing Researchers Students

Hackers Asked Meta AI for Access to High-Profile Instagram Accounts. It Worked★ 78
Simon Willison's Weblog22h agoIncident
Simon Willison highlights a 404 Media report about hackers taking over Instagram accounts through Meta's AI support bot. A video reportedly shows an attacker asking the bot to link a target account to a new email address and providing a code. Willison argues this barely qualifies as prompt injection: the core failure was granting a support bot enough authority to fast-forward the account recovery process.
Microsoft Copilot Cowork Exfiltrates Files★ 76
Simon Willison's Weblog7d agoIncident
Simon Willison summarizes a PromptArmor report about Microsoft Copilot Cowork and agentic data exfiltration risks. The issue involved agents sending messages to a user’s own inbox without approval, where rendered external images could trigger requests to attacker-controlled sites. Because OneDrive can create pre-authenticated download links, a successful prompt injection could leak links that allow attackers to download files.
Hackers are learning to exploit chatbot ‘personalities’ for security exploits★ 72
The Verge AI9d agoEthics
As AI chatbots adopt increasingly sophisticated personas, hackers are shifting from basic prompt injections to social engineering attacks targeting these "personalities." Researchers warn that manipulating a chatbot's defined role (e.g., customer service or empathetic companion) makes it easier to bypass safety guardrails. This evolution poses a significant threat to agentic AI workflows that rely on consistent role-playing and external data integration.
Google’s AI search is so broken it can ‘disregard’ what you’re looking for
The Verge AI10d agoIncident
Google 的 AI Overviews 搜尋功能近日被發現一項有趣的漏洞。當用戶在 Google 搜尋輸入「disregard」（忽略）時，AI 搜尋並非提供該單字的定義，而是將其誤判為「忽略先前指令」的系統提示詞（Prompt Injection）。這導致 AI 輸出類似傳統聊天機器人重設後的罐頭回覆，暴露出 Google 在區分「用戶查詢內容」與「系統控制指令」上仍有架構上的缺陷。
You can no longer Google the word ‘disregard’★ 75
TechCrunch AI11d agoIncident
Google 搜尋在進行 AI 相關更新後，被發現存在一個嚴重的介面錯誤：只要使用者輸入「disregard」（意為忽略）這個單字進行搜尋，整個搜尋介面就會直接崩潰。這項問題疑似與 Google 為了防止 AI 遭遇「提示詞注入」（Prompt Injection）攻擊而設定的過度防禦機制有關。目前該單字已無法正常進行 Google 搜尋。
Google I/O, Gemini Spark, Antigravity★ 75
Simon Willison's Weblog13d agoCommentary
Google 於 I/O 2026 發表對標 OpenClaw 的個人 AI 代理「Gemini Spark」，能原生串接 Gmail、雲端硬碟等服務。該代理運行於 Gemini 3.5 Flash 與全新「Antigravity」架構上。然而，Google 同時宣布將開源的 Gemini CLI 轉向閉源的 Antigravity CLI，且代理在處理敏感數據時的安全防護（如提示詞注入風險）仍面臨考驗。