AI Systems Vulnerable to Prompt Injection via Image Scaling Attack

Posted on By CWS

Researchers have proven how in style AI methods will be tricked into processing malicious directions by an oblique immediate injection assault that includes picture scaling. 

Picture scaling assaults in opposition to AI should not a brand new idea, however consultants at cybersecurity analysis and consulting agency Path of Bits have now proven how the approach will be leveraged in opposition to trendy AI methods. 

AI merchandise, notably these that may course of massive photos, usually routinely downscale a picture earlier than sending it to the core AI mannequin for evaluation. 

Path of Bits researchers confirmed how risk actors can create a specifically crafted picture that accommodates a hidden malicious immediate. The attacker’s immediate is invisible within the high-resolution picture, but it surely turns into seen when the picture is downscaled by preprocessing algorithms. 

The low-resolution picture with the seen malicious immediate is handed on to the AI mannequin, which can interpret the message as a professional instruction. 

Path of Bits demonstrated the potential influence of the assault by hiding a textual content instructing the AI mannequin to exfiltrate the consumer’s calendar information.

AI instruments are more and more built-in with different options, notably in enterprise environments, and researchers frequently present how AI assistants will be abused for delicate information theft and manipulation by hidden prompts.  

Path of Bits mentioned its picture scaling assault works in opposition to the Gemini command-line interface (CLI), Gemini’s net and API interfaces, Vertex AI Studio, Google Assistant, Genspark, and certain different merchandise. Commercial. Scroll to proceed studying.

In some circumstances, notably when a CLI is used, the sufferer doesn’t see the rescaled picture (during which the malicious immediate is seen) earlier than it’s processed by the AI mannequin, which makes the assault try even much less prone to be found.

The safety agency has launched an open supply device named Anamorpher, which can be utilized by different researchers to craft and visualize picture scaling assaults in opposition to AI methods.

Associated: OneFlip: An Rising Risk to AI that Might Make Autos Crash and Facial Recognition Fail

Associated: GPT-5 Has a Vulnerability: Its Router Can Ship You to Older, Much less Secure Fashions

Associated: Purple Groups Jailbreak GPT-5 With Ease, Warn It’s ‘Practically Unusable’ for Enterprise

Security Week News Tags:, , , , , ,

Related Posts

WireTap Attack Breaks Intel SGX Security Security Week News
Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard  Security Week News
Hackers Stole Data From Public Safety Comms Firm BK Technologies Security Week News
Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products Security Week News
Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft Security Week News
AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure Security Week News