Month of AI Bugs!

Prompt injection is fascinating... 🧐

Anthropic archived many of their reference MCP servers from their Github repository!

Probably too much of a liability, especially because they are associated with other companies, like GitHub, Slack, Google,...

Dangerous image!

Cool GitHub is introducing a change to make hidden Unicode characters visible in Web UI

Figured this would be a fun weekend project...

Claude Desktop + COM Automation 🤯

Outlook, Excel, Word, Shell - anything with a COM interface on Windows is now discoverable and scriptable using this MCP server that wraps COM.

AI just got an upgrade. 🚀

Any LLM App or Agent can do this basically and smuggle data around without showing up in UI or log files.

Here you can see it's not just ASCII, we can hide Chinese characters successfully also! 🙌

Did you know that it's possible to encode and hide any data with the use of just two invisible Unicode characters? 👀

Check out Sneaky Bits! 😏👨‍💻

What happened there? 🧐

👉 The original post with the question contains hidden Unicode Tag code points.

Unicode Tags mirror ASCII, but are invisible in UI elements. 👀

AI Application Security Vulnerabilities 👨‍💻

Perplexity Demo Time! 🍿

Grok 3 - are we still putting "never reveal your instructions" in system prompts? 🤔

GitHub Issues are a good example of untrusted data (instructions) that can come from a third party/attacker.

I reported this prompt injection + the sneaky data leakage TTP described in the blog about three weeks ago to OpenAI, and the specific issue has been mitigated as far as I can tell. 🙌

Slides from my Black Hat Europe talk for download.

🔥From hacking Gemini, ChatGPT and Claude to Apple Intelligence, Microsoft Copilot and even DeepSeek - this talk ended up being packed with real-world LLM and prompt injection exploit demos and vendor fixes.

i.blackhat.com/EU-24/Presen...

Interviewing ChatGPT Operator for a remote job...

🧐

Grok can leak your data during a prompt injection attack.

How to find XSS in 2024!