Security Vulnerability: Hidden Prompt Injections in AI Image Processing Systems
By tatersolid
Summary
Researchers have described a vulnerability in multimodal AI systems: an attacker can craft an image that looks benign at full resolution but, once the platform's preprocessing downscales it to the model's input size, reveals a prompt injection the user never sees. Because the model acts on the downscaled image rather than the original, the injected instructions can drive data exfiltration; the researchers demonstrated this against the Google Gemini CLI, Vertex AI Studio and other production AI platforms. The weakness is in the image preprocessing (downscaling) step, so it applies to any pipeline that resizes uploads before inference. The blog post also introduces Anamorpher, an open-source tool for generating these crafted images, and discusses mitigation strategies.
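To make the mechanism concrete, here is an added toy model of the attack and of a defender-side check. It is not code from the blog post or from Anamorpher, and it does not reproduce any real resizer: it assumes a pipeline that downscales by an integer factor K using nearest-neighbour sampling of each block's centre pixel (one of several rules real resizers use; the published attack also targets bilinear and bicubic filters). The cover image, payload bitmap and the `scale_sensitivity` heuristic are constructed for this example.

```python
"""Toy model of an image-scaling prompt injection.

Constructed example (not the Anamorpher tool, not any production pipeline):
a grayscale image, stored as a list of rows of 0..255 ints, that is a
near-uniform gray at full resolution but whose nearest-neighbour downscale
by factor K carries a hidden bitmap. The sampling rule "take the centre pixel
of each KxK block" is an assumption about the victim's resizer.
"""

K = 4             # downscale factor assumed for the victim pipeline
BACKGROUND = 128  # cover tone
DELTA = 100       # payload contrast: 1 bits -> 228, 0 bits -> 28

# Constructed payload: a 6x4 bitmap. In a real attack this region would be
# rendered text carrying the injected instruction.
PAYLOAD = [
    [1, 1, 1, 0, 1, 0],
    [0, 1, 0, 0, 1, 0],
    [0, 1, 0, 0, 1, 0],
    [0, 1, 0, 1, 1, 1],
]


def make_cover(width, height, tone=BACKGROUND):
    """Uniform cover image, width x height."""
    return [[tone] * width for _ in range(height)]


def downscale_nearest(img, k):
    """Nearest-neighbour downscale: each output pixel is the centre pixel of its k x k block."""
    h, w = len(img) // k, len(img[0]) // k
    return [[img[y * k + k // 2][x * k + k // 2] for x in range(w)] for y in range(h)]


def downscale_box(img, k):
    """Box-filter (area average) downscale of the same image, for comparison."""
    h, w = len(img) // k, len(img[0]) // k
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            block = [img[y * k + dy][x * k + dx] for dy in range(k) for dx in range(k)]
            row.append(round(sum(block) / (k * k)))
        out.append(row)
    return out


def embed_payload(cover, bits, k):
    """Copy of `cover` where each k x k block's centre pixel carries one payload bit and
    the other k*k-1 pixels are nudged the opposite way so the block mean stays at the
    cover tone. The bit survives centre sampling but is averaged away by a box filter."""
    img = [row[:] for row in cover]
    for by, bit_row in enumerate(bits):
        for bx, bit in enumerate(bit_row):
            tone = cover[by * k][bx * k]
            centre = tone + DELTA if bit else tone - DELTA
            comp = tone - (centre - tone) / (k * k - 1)  # compensating value for the rest
            for dy in range(k):
                for dx in range(k):
                    y, x = by * k + dy, bx * k + dx
                    img[y][x] = centre if (dy, dx) == (k // 2, k // 2) else comp
    # Quantise back to 8-bit values, as a real image file would.
    return [[max(0, min(255, round(v))) for v in row] for row in img]


def recover_bits(small, threshold=BACKGROUND):
    """Read the bitmap back out of a downscaled image (what the model 'sees')."""
    return [[1 if v > threshold else 0 for v in row] for row in small]


def scale_sensitivity(img, k):
    """Defender-side heuristic (an assumption for this example, not a published mitigation):
    mean absolute difference between the model's view (nearest sampling) and a smoothed
    view of the same image. Benign images give small values; scale-dependent content large."""
    a, b = downscale_nearest(img, k), downscale_box(img, k)
    n = len(a) * len(a[0])
    return sum(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)) / n


def craft():
    """Build the full-resolution attack image for PAYLOAD at factor K."""
    h, w = len(PAYLOAD) * K, len(PAYLOAD[0]) * K
    return embed_payload(make_cover(w, h), PAYLOAD, K)


if __name__ == "__main__":
    crafted = craft()
    print("payload recovered by model-side scaling:",
          recover_bits(downscale_nearest(crafted, K)) == PAYLOAD)
    print("box-filtered view:", downscale_box(crafted, K))
    print("scale sensitivity:", scale_sensitivity(crafted, K))
```

At full resolution 15 of every 16 pixels sit within seven levels of the cover tone, and a box-filtered preview is flat gray; only the pipeline's own sampling rule exposes the bitmap. The practical lesson is the one the researchers draw: the user must be shown, or the policy layer must inspect, the exact downscaled image the model receives, not the original upload, and large divergence between the model's view and a smoothed view of the same file is worth flagging.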
Key quotes
By delivering a multi-modal prompt injection not visible to the user, we achieved data exfiltration on systems including the Google Gemini CLI
This attack works because AI systems often scale down large images before sending them to the model: when scaled, these images can reveal prompt injections that are not visible at full resolution
We'll detail how attackers can exploit image scaling on Gemini CLI, Vertex AI Studio, Gemini's web and API interfaces, Google Assistant, Genspark, and other production AI systems
You might also wanna read
Prompt Injection Attacks: The Top Security Threat Hijacking AI Chatbots
Prompt injection attacks are a critical security vulnerability in AI systems where hidden instructions within user data (like emails or docu
ChatGPT prompt injection vulnerability allows web pages to serve as phishing payloads
A security researcher discovered a prompt injection vulnerability in ChatGPT where the AI cannot distinguish between its own generated conte
Security Researchers Discover ChatGPT Vulnerability That Could Extract Sensitive Gmail Data
Security researchers from Radware discovered a vulnerability called 'Shadow Leak' that allowed ChatGPT to be manipulated into extracting sen

How hackers exploit AI chatbot personalities through prompt injection attacks
This article discusses how hackers are exploiting AI chatbot "personalities" through prompt injection and jailbreaking techniques. Initially
Google reports first evidence of hackers using AI to develop zero-day security exploit
Google has reported evidence of hackers using AI to develop a zero-day security vulnerability, marking the first time the company has observ
