Greshake hid a prompt on a website that he had created. He then visited that website using Microsoft’s Edge browser with the Bing chatbot integrated into it. The prompt injection made the chatbot generate text so that it looked as if a Microsoft employee was selling discounted Microsoft products. Through this pitch, it tried to get the user’s credit card information. Making the scam attempt pop up didn’t require the person using Bing to do anything else except visit a website with the hidden prompt.
In the past, hackers had to trick users into executing harmful code on their computers in order to get information. With large language models, that’s not necessary, says Greshake.
Comments are closed.