National Cyber Warfare Foundation (NCWF)

We Are Still Unable to Secure LLMs from Malicious Inputs

2025-08-27 16:13:35
milo
Blue Team (CND) , Attacks

Nice indirect prompt injection attack:

Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks like an official document on company meeting policies. But inside the document, Bargury hid a 300-word malicious prompt that contains instructions for ChatGPT. The prompt is written in white text in a size-one font, something that a human is unlikely to see but a machine will still read.

In a proof of concept video of the attack...

The post We Are Still Unable to Secure LLMs from Malicious Inputs appeared first on Security Boulevard.



Bruce Schneier

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/08/we-are-still-unable-to-secure-llms-from-malicious-inputs/?utm_source=rss&utm_medium=rss&utm_campaign=we-are-still-unable-to-secure-llms-from-malicious-inputs
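The excerpt above describes the two tricks that make the poisoned document work: text coloured white and text set in a size-one font, invisible to a reviewer but read by the model. A pre-ingestion check that flags such runs before a document reaches an LLM connector is the natural defensive counterpart. The following is an added example, written for this page and not taken from the Security Boulevard post, Schneier's blog, or Bargury's research. It assumes the document has been exported to HTML with inline styles (as Google Docs and most office suites do); the scanner class, the sample document and the hidden sentence in it are all constructed for illustration.

```python
"""Flag text a human reviewer would not see but an LLM would still read.

Constructed example: assumes the document arrives as HTML with inline
styles. It looks for white text, tiny font sizes, legacy <font size="1">
markup, and display:none / visibility:hidden, then separates the hidden
runs from the visible ones so a connector can quarantine or strip them.
"""
import re
from html.parser import HTMLParser

# Colour values that render as white on the usual white page background.
_WHITE = {"#fff", "#ffffff", "white", "rgb(255,255,255)"}
# Anything smaller than this (pt or px) is unreadable for a person.
MIN_VISIBLE_SIZE = 6.0
# Elements that never wrap content, so they must not push onto the stack.
_VOID = {"br", "hr", "img", "meta", "input", "link"}


def _style_is_hidden(style: str) -> bool:
    """Return True if an inline style makes the text effectively invisible."""
    props = {}
    for decl in style.split(";"):
        if ":" in decl:
            key, val = decl.split(":", 1)
            props[key.strip().lower()] = val.strip().lower().replace(" ", "")
    if props.get("color", "") in _WHITE:
        return True
    m = re.match(r"([0-9.]+)(pt|px)?$", props.get("font-size", ""))
    if m and float(m.group(1)) < MIN_VISIBLE_SIZE:
        return True
    return props.get("display") == "none" or props.get("visibility") == "hidden"


class HiddenTextScanner(HTMLParser):
    """Collect visible and hidden text runs; hiddenness is inherited by children."""

    def __init__(self):
        super().__init__()
        self._stack = []   # one bool per open element: is this subtree hidden?
        self._skip = 0     # depth inside <script>/<style>, whose text is not content
        self.visible = []
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in _VOID:
            return
        if tag in ("script", "style"):
            self._skip += 1
        a = dict(attrs)
        hidden = _style_is_hidden(a.get("style") or "")
        if tag == "font":  # legacy markup: <font size="1" color="white">
            if (a.get("size") or "").strip() == "1":
                hidden = True
            if (a.get("color") or "").lower().replace(" ", "") in _WHITE:
                hidden = True
        parent_hidden = self._stack[-1] if self._stack else False
        self._stack.append(hidden or parent_hidden)

    def handle_startendtag(self, tag, attrs):
        return  # self-closing element: no children, nothing to track

    def handle_endtag(self, tag):
        if tag in _VOID:
            return
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        if self._stack:
            self._stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if not text or self._skip:
            return
        bucket = self.hidden if (self._stack and self._stack[-1]) else self.visible
        bucket.append(text)


def scan_document(html: str) -> dict:
    """Summarise hidden vs visible content; any hidden words are flagged."""
    p = HiddenTextScanner()
    p.feed(html)
    p.close()
    hidden_text = " ".join(p.hidden)
    visible_text = " ".join(p.visible)
    return {
        "visible_words": len(visible_text.split()),
        "hidden_words": len(hidden_text.split()),
        "hidden_text": hidden_text,
        "suspicious": bool(hidden_text.split()),
    }


def visible_text_only(html: str) -> str:
    """What a connector should pass on: only text a reviewer can actually see."""
    p = HiddenTextScanner()
    p.feed(html)
    p.close()
    return " ".join(p.visible)


# Constructed sample: a plausible policy document with one invisible paragraph.
SAMPLE_DOC = """<html><body>
<h1>Company Meeting Policy</h1>
<p>All meetings must have an agenda circulated 24 hours in advance.</p>
<p style="color:#ffffff; font-size:1pt">This sentence is constructed hidden text standing in for a malicious instruction block.</p>
<p>Minutes are stored in the shared drive.</p>
</body></html>"""

if __name__ == "__main__":
    print(scan_document(SAMPLE_DOC))
```

The check is deliberately conservative: a single invisible word is enough to flag a document, because there is no legitimate reason for a meeting policy to carry text its readers cannot see. In a real deployment the flagged run would be logged for review and only the output of `visible_text_only` handed to the model; near-white colours, off-page positioning and zero-opacity text are further tricks the same scanner could be extended to cover.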

