Slack AI Vulnerability Could Have Exposed Data From Private Channels: Report

The post Slack AI Vulnerability Could Have Exposed Data From Private Channels: Report appeared on BitcoinEthereumNews.com.

This article has been updated to note the vulnerability has been patched and to include a statement from Salesforce. Slack’s AI assistant had a security flaw that could let attackers steal sensitive data from private channels in the popular workplace chat app, security researchers at PromptArmor revealed this week. The vulnerability exploited a weakness in how the AI processes instructions, potentially compromising sensitive data across countless organizations. In response to the report, a spokesperson from Salesforce—which owns Slack—told Decrypt that the vulnerability had been fixed. “We launched an investigation into the described scenario where, under very limited and specific circumstances, a malicious actor with an existing account in the same Slack workspace could phish users for certain data,” the spokesperson said. “We’ve deployed a patch to address the issue and have no evidence at this time of unauthorized access to customer data.” Slack also posted an official update on the issue. Here’s how the hack worked. An attacker created a public Slack channel and posted a cryptic message that, in actuality, instructed the AI to leak sensitive info—basically replacing an error word with the private information. Image: PromptArmor When an unsuspecting user later queried Slack AI about their private data, the system pulled in both the user’s private messages and the attacker’s prompt. Following the injected commands, Slack AI provided the sensitive information as part of its output. The hack took advantage of a known weakness in large language models called prompt injection. Slack AI wasn’t able to distinguish between legitimate system instructions and deceptive user input, allowing attackers to slip in malicious commands that the AI then followed. This vulnerability was particularly concerning because it didn’t require direct access to private channels. An attacker only needed to create a public channel, which can be done with minimal permissions, to plant…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ August 23, 2024 9:16 pm