low

Vertex AI Studio data exfiltration

Published Thu, Oct 19th, 2023
Platforms

Summary

In Vertex AI Studio, a Prompt Injection attack could cause the LLM to return markdown tags. This could have allowed an adversary whose data makes it into the chat context (e.g., via an uploaded file) to achieve exfiltration of the victim’s data by rendering hyperlinks. However, the severity of this issue is low, as there were no integrations that could pull remote content. This means Indirect Prompt Injection was not possible, and it would require the victim to copy the malicious prompt from elsewhere. A similar issue affected Azure AI.

Affected Services

Vertex AI Studio

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Wed, Aug 30th, 2023
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Johann Rehberger