A new cyberattack method called Man in the Prompt leverages browser extensions to inject malicious instructions into AI tools like ChatGPT and Google Gemini, risking data exfiltration and manipulation. Security experts recommend monitoring DOM interactions and behavior-based extension blocking to protect sensitive information in AI-driven environments. #LayerX #ManInThePrompt #ChatGPT #GoogleGemini
Key points
- The Man in the Prompt attack exploits browser extensions to manipulate AI prompts and responses.
- It allows malicious actors to extract sensitive data and secretly inject harmful instructions into AI tools.
- Web browser DOM interactions are vulnerable, as extensions can read or alter prompt inputs without permissions.
- Traditional security tools like endpoint DLP are ineffective against these DOM-level attacks.
- Organizations should focus on in-browser behavior monitoring and real-time prompt tampering prevention.
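One way to implement the in-browser prompt monitoring recommended above, as an added example that is not taken from the linked article: it tracks what the user actually typed through trusted `beforeinput`/`input` events and flags prompt text that arrived by any other route. The class, function and trace names are hypothetical, and it assumes the page itself never rewrites the prompt field.

```javascript
// Added example, not code from the linked article. All names are hypothetical.
class PromptIntegrityMonitor {
  constructor() {
    this.snapshot = "";  // prompt text after the last user-generated edit
    this.findings = [];  // tamper observations for the prompt being composed
  }
  flag(kind, observed) { this.findings.push({ kind, observed, expected: this.snapshot }); }
  // 'beforeinput' fires before the edit is applied, so the field should still hold
  // the snapshot. A mismatch means a script wrote to it directly (no event fired).
  onBeforeInput(event, value) {
    if (!event.isTrusted) return this.flag("synthetic-event", value);
    if (value !== this.snapshot) this.flag("silent-write", value);
  }
  // 'input' fires after the edit; only user-generated events move the snapshot.
  onInput(event, value) {
    if (!event.isTrusted) return this.flag("synthetic-event", value);
    this.snapshot = value;
  }
  // Call with the text about to be sent; true only if nothing was flagged.
  allowSubmit(value) {
    if (value !== this.snapshot) this.flag("submit-mismatch", value);
    return this.findings.length === 0;
  }
}

// Browser wiring (capture phase). Assumes a textarea or contenteditable field.
function attach(field, monitor) {
  const read = () => ("value" in field ? field.value : field.textContent);
  field.addEventListener("beforeinput", (e) => monitor.onBeforeInput(e, read()), true);
  field.addEventListener("input", (e) => monitor.onInput(e, read()), true);
}

// Replays a constructed event trace so the logic can be checked outside a browser.
function replay(steps, submitted) {
  const m = new PromptIntegrityMonitor();
  for (const s of steps) {
    if (s.type === "beforeinput") m.onBeforeInput(s, s.value);
    else m.onInput(s, s.value);
  }
  return { allowed: m.allowSubmit(submitted), kinds: m.findings.map((f) => f.kind) };
}

// Constructed trace: user types "hi", a script appends text, user types "!".
const TAMPERED = [
  { type: "beforeinput", isTrusted: true, value: "" },
  { type: "input", isTrusted: true, value: "hi" },
  { type: "beforeinput", isTrusted: true, value: "hi [injected]" },
  { type: "input", isTrusted: true, value: "hi [injected]!" },
];
```

Where the page does rewrite the field itself, such as clearing it after a send, re-baseline the snapshot at that point so the next prompt is not flagged.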
Read More: https://hackread.com/browser-extensions-exploit-chatgpt-gemini-man-in-the-prompt/