Friday, September 13, 2024

Slack patches potential AI security issue

Update: Slack has published an update, claiming to have “deployed a patch to address the reported issue,” and that there isn’t currently any evidence that customer data has been accessed without authorization. Here’s the official statement from Slack that was posted on its blog:

When we became aware of the report, we launched an investigation into the described scenario where, under very limited and specific circumstances, a malicious actor with an existing account in the same Slack workspace could phish users for certain data. We’ve deployed a patch to address the issue and have no evidence at this time of unauthorized access to customer data.

Below is the original article that was published.

When ChatGPT was added to Slack, it was meant to make users’ lives easier by summarizing conversations, drafting quick replies, and more. However, according to security firm PromptArmor, trying to complete these tasks and more could breach your private conversations using a method called “prompt injection.”

The security firm warns that by summarizing conversations, it can also access private direct messages and deceive other Slack users through phishing. Slack also lets users request data from private and public channels, even if the user has not joined them. What sounds even scarier is that the Slack user doesn’t need to be in the channel for the attack to function.

In theory, the attack starts with a Slack user tricking the Slack AI into disclosing a private API key by making a public Slack channel with a malicious prompt. The newly created prompt tells the AI to swap the word “confetti” with the API key and send it to a particular URL when someone asks for it.

The situation has two parts. First, Slack updated the AI system to scrape data from file uploads and direct messages. Second is a technique named “prompt injection,” which PromptArmor proved can create malicious links that may phish users.

The technique can trick the app into bypassing its normal restrictions by modifying its core instructions. PromptArmor goes on to say, “Prompt injection occurs because a [large language model] cannot distinguish between the “system prompt” created by a developer and the rest of the context that’s appended to the query. As such, if Slack AI ingests any instruction via a message, if that instruction is malicious, Slack AI has a high likelihood of following that instruction instead of, or in addition to, the user query.”

To add insult to injury, the user’s files also become targets, and the attacker who wants your files doesn’t even have to be in the Slack Workspace to begin with.
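Because the model cannot be relied on to ignore instructions in ingested messages, one mitigation for the link-based exfiltration described above is to filter the assistant's output before it is rendered. The following is an added example, not code from Slack or PromptArmor; the allow-list, host names, sample text and function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this deployment is willing to render as clickable links.
ALLOWED_HOSTS = {"slack.com", "docs.example.com"}

MD_LINK = re.compile(r"\[([^\]]*)\]\((\S+?)\)")   # [label](url)
BARE_URL = re.compile(r"https?://[^\s)>\]]+")     # plain http(s) URL

# Constructed sample of an assistant answer that embeds an untrusted link.
SAMPLE = ("Summary ready. [open the report](https://unknown.example/?q=CONSTRUCTED) "
          "See also https://slack.com/help for details.")


def host_allowed(url: str) -> bool:
    """True only for http(s) URLs whose host is allow-listed or a subdomain of one."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:          # malformed authority, e.g. broken IPv6 brackets
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def sanitize_model_output(text: str):
    """Return (safe_text, blocked_urls). Links to unknown hosts are reduced to
    their visible label, so no clickable URL can carry data out in its query."""
    blocked = []

    def md_repl(m):
        if host_allowed(m.group(2)):
            return m.group(0)
        blocked.append(m.group(2))
        return f"{m.group(1)} [link removed]"

    def bare_repl(m):
        if host_allowed(m.group(0)):
            return m.group(0)
        blocked.append(m.group(0))
        return "[link removed]"

    text = MD_LINK.sub(md_repl, text)
    return BARE_URL.sub(bare_repl, text), blocked
```

Logging the returned `blocked_urls` alongside the channel and message that were summarized gives responders a trail back to the message that carried the injected instruction.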
