Security News > 2022 > September > GPT-3 'prompt injection' attack causes bad bot manners
He likens prompt injection attacks to SQL injection, which can deliver sensitive information to an attacker if they input malicious code into a field that doesn't sanitize data.
Days after Willison's blog post, Twitter users attacked a GPT-3 bot designed to help run remote jobs called Remoteli.io, tricking it into doing things like taking responsibility for the Challenge space shuttle disaster, threatening Twitter users or proposing an overthrow of the Biden administration if it doesn't support remote work.
Along with offering some of the most thorough cheat prevention, kernel-mode software also widens the attack surface of a video game and makes it a good way to slip a rootkit into a target's computer.
We reported on just such an attack only a few weeks ago when popular online role-playing game Genshin Impact's kernel-mode anti-cheat code was found being used to inject a rootkit able to kill endpoint protection and install further malware.
Yang's office said the attack was "Not the first time the US government has carried out cyberattacks and theft of sensitive information against Chinese institutions."
Recent bad behavior from Avast includes the 2019 removal of its AVG Online Security extensions from the Firefox and Chrome stores following news the addons had been snooping on users' web browsing activity.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/09/19/in_brief_security/