This video highlights the various data exfiltration vulnerabilities I discovered and responsibly disclosed to Microsoft, Anthropic, ChatGPT and Plugin Developers.

It also briefly discusses mitigations various vendors put in place (and triage decisions).

Thanks to MSRC, Anthropic and Zapier for addressing vulnerabilities to help protect their users.

Let’s hope it inspires OpenAI to mitigate the image markdown injection issue finally as well. It’s rated as a CVSS High scored vulnerability basically and was first reported to them on April, 9th 2023 - the triage decision was “won’t fix”.

References

Detailed write up of each scenario, bug report and response:

• Microsoft - Bing Chat (fixed)
• Anthropic - Claude (fixed)
• Plugin Vendor Email Exfil (fixed)
• OpenAI - ChatGPT (won’t fix)