New hack uses prompt injection to corrupt Gemini’s long-term memory
Summary
A researcher has found a way to override the security defences in Google’s chatbot platform Gemini. The technique can permanently plant false long-term memories in the chatbot, which then continues to act on the planted information or instructions indefinitely.
This is the latest in a series of attacks on large language models (LLMs) that exploit the models’ tendency to treat instructions found in incoming data as prompts, even when that data was never intended to be one, so-called ‘indirect prompt injection’.
These attacks have forced the developers of these platforms into a game of ‘whack-a-mole’, constantly working to plug new security holes as they are found.
The researcher in question had previously demonstrated a similar vulnerability in Microsoft’s Copilot chatbot, which led to the chatbot sending sensitive data to the attacker.
It is not known if the vulnerability in Gemini has been fixed.