Researchers have devised a new attack that exploits image resampling algorithms in AI systems to inject hidden prompts, potentially causing data leakage and unauthorized actions. This method can target various AI platforms, including Google Gemini CLI and Vertex AI Studio, highlighting the importance of secure design practices. #PromptInjection #ImageResampling
Key points
- Malicious prompts are embedded in full-resolution images so that the hidden instructions only become visible after the image is downscaled.
- The attack exploits aliasing artifacts introduced by resampling algorithms such as bicubic and bilinear interpolation.
- Researchers demonstrated successful exfiltration of data from AI systems like Google Gemini CLI and Vertex AI Studio through this method.
- Mitigation strategies include setting image dimension restrictions and providing previews of uploaded images to detect hidden instructions.
- The researchers recommend implementing secure design patterns and explicit user confirmation to defend against prompt injection attacks.
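The aliasing mechanism described in the key points, and the preview mitigation, can be checked programmatically on the defender's side. The following is an added example, not code from the research summarised above: it assumes the model pipeline downscales with prefilter-free bilinear interpolation, renders that model's-eye view, renders an anti-aliased area-average view, and reports how far the two diverge so an application can show a preview or refuse the upload. Images are grayscale lists of rows with 0-255 values; the sample image is constructed.

```python
def bilinear_downscale(img, out_h, out_w):
    """Bilinear sampling with no prefilter: each output pixel consults only the
    four source pixels around one sample point, so content between sample
    points is dropped. This is the source of the aliasing artifacts."""
    in_h, in_w = len(img), len(img[0])
    sy, sx = in_h / out_h, in_w / out_w
    out = []
    for y in range(out_h):
        fy = min(max((y + 0.5) * sy - 0.5, 0), in_h - 1)
        y0 = int(fy); y1 = min(y0 + 1, in_h - 1); wy = fy - y0
        row = []
        for x in range(out_w):
            fx = min(max((x + 0.5) * sx - 0.5, 0), in_w - 1)
            x0 = int(fx); x1 = min(x0 + 1, in_w - 1); wx = fx - x0
            top = img[y0][x0] * (1 - wx) + img[y0][x1] * wx
            bot = img[y1][x0] * (1 - wx) + img[y1][x1] * wx
            row.append(top * (1 - wy) + bot * wy)
        out.append(row)
    return out

def area_downscale(img, out_h, out_w):
    """Anti-aliased reference: every source pixel contributes to exactly one
    output pixel (integer scale factors assumed, for brevity)."""
    fy, fx = len(img) // out_h, len(img[0]) // out_w
    return [[sum(img[y * fy + dy][x * fx + dx] for dy in range(fy) for dx in range(fx))
             / (fy * fx) for x in range(out_w)] for y in range(out_h)]

def aliasing_score(img, out_h, out_w):
    """Mean absolute difference (0-255 units) between the model's-eye view and
    the anti-aliased view. Large values mean the downscaled image carries
    content a human looking at the original would not see."""
    a = bilinear_downscale(img, out_h, out_w)
    b = area_downscale(img, out_h, out_w)
    total = sum(abs(a[y][x] - b[y][x]) for y in range(out_h) for x in range(out_w))
    return total / (out_h * out_w)

def check_upload(img, out_h, out_w, threshold=32.0):
    """Returns (flagged, score); flagged means the application should show the
    user the downscaled preview or refuse the image. Threshold is assumed."""
    score = aliasing_score(img, out_h, out_w)
    return score > threshold, score

# Constructed sample: an 8x8 image that is white except at the positions a 4x
# bilinear sampler reads (rows/cols 1,2,5,6), so the model's-eye 2x2 view is
# all black while the anti-aliased view is mostly white.
SAMPLED = {1, 2, 5, 6}
SAMPLE_IMG = [[0 if (y in SAMPLED and x in SAMPLED) else 255 for x in range(8)]
              for y in range(8)]
FLAT_IMG = [[128] * 8 for _ in range(8)]  # benign control image
```

`check_upload(SAMPLE_IMG, 2, 2)` flags the sample while `FLAT_IMG` scores zero; a real deployment would use the exact resampler and target size of the model front end.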