Notion AI Vulnerability Enables Data Exfiltration Through Prompt Injection Attacks
By takira
Summary
Notion AI has a security vulnerability that allows data exfiltration through indirect prompt injection attacks. The vulnerability occurs because AI document edits are saved before user approval, enabling attackers to embed malicious prompts in documents like resumes or web pages that can extract sensitive data. The researchers responsibly disclosed the issue via HackerOne, but Notion closed the finding as 'Not Applicable'. The article demonstrates how this could be exploited to steal hiring tracker data through a poisoned resume.
Key quotes
Notion AI is susceptible to data exfiltration via indirect prompt injection due to a vulnerability in which AI document edits are saved before user approval.
We responsibly disclosed this vulnerability to Notion via HackerOne. Unfortunately, they said 'we're closing this finding as `Not Applicable`'.
Stealing Hiring Tracker Data with a Poisoned Resume
The user uploads a resume (untrusted data) to their chat session.
Here, the untrusted data source is a resume PDF, but a prompt injection could be stored in a web page, connected data source, or a Notion page.