We hacked Google A.I.

276 points by EvgeniyZh, about 1 year ago

15 comments

epolanski, about 1 year ago
This blog post gave me a great deal of self confidence.

While I have no doubts how good the author and his friends are, all of their ideas were quite intuitive and simple to understand.

The kind of "I could've come with the same idea" type. Realistically I would've not for many reasons but it is still stuff I can grasp and even gives me ideas while reading.

Which is different from the general hacker idea I have of someone in a basement exploiting extremely far fetched and hard to grasp for me memory corruptions in some cache dumping some random bytes like the very complex attacks like Spectre I've read about.

It also makes me think that if most of the applications I have worked on haven't been attacked and easily exploited is because honestly nobody bothered.
doakes, about 1 year ago
So is the idea (for the last/$20k one) that you would convince someone to paste your maliciously crafted prompt to steal their data?

The other post[0] of the same exploit is really interesting b/c it reads instructions from a document. So if someone had something like "find X in my documents" and you shared the malicious document with them, it could trigger those instructions.

[0] https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/
seafoamteal, about 1 year ago
This was a really interesting and also fun read. Btw, I am absolutely *loving* the design of this website.
opello, about 1 year ago
Does anyone know what a "markdown verbatism" is?

In trying to find out what a "verbatism" is, the best I could do was a typo of "verbatim" but that doesn't quite map to "markdown formatted literal." Or maybe it's the rendered form of the markdown literal?

Anyway, seemed like interesting and new vocabulary that was key to the one issue for sure.
Lockal, about 1 year ago
I already prepared to make a rant with "yet another cool-hacker invented prompt injection or discovered how LLM works", but was pleasantly surprised that it was not the case
kccqzy, about 1 year ago
> The awesome part is that we could ask them any question about the applications, how they worked and the security engineers could quickly check the source code to indicate if we should dig into our ideas or if our assumptions are a dead end.

Wow. So this is basically around the same access as an internal red team. Simply amazing!
Labo333, about 1 year ago
Great article! (shameless plug) As an alternative to "Burp Extension Copy As Python-Requests", I coded this CLI tool that converts HAR to Python Requests code: https://github.com/louisabraham/har2requests
aldousd666, about 1 year ago
I love stuff like this. Once upon a time I thought I'd get more into hacking like this and started working on it... But then I changed jobs and never got back. This made me remember all those games of capture the flag in the 90s.
px43, about 1 year ago
Loving that CSP bypass :-D
asynchronous, about 1 year ago
Unrelated to the article but the website design itself is top notch.
rokkitmensch, about 1 year ago
The best tidbit is the precomputed graphql queries. Just... why. One of those "not even broken, but for the love of potatoes why".
jrockway, about 1 year ago
I guess my favorite thing is that Google now uses GraphQL, but error code 13 is still "INTERNAL".
alicelebi, about 1 year ago
You've got a cool website :D
pass7, about 1 year ago
Give me Josie kirkman Instagram
o11c, about 1 year ago
So now it's not just Artificial Stupidity, but Artificial Insecurity.