Table of Contents
- Want Incredible AI Safety? Discover How to Easily Defeat ‘Man in the Prompt’ Attacks.
- How Does the Attack Work?
- The Dangers of a Hijacked Prompt
- Stealing Sensitive Information
- Manipulating AI Responses
- Taking Over Your Actions
- Widespread Impact
- How to Protect Yourself and Your Company
- Audit Your Browser Extensions
- Use Only Trusted Extensions
- Separate Your Browsing
- Implement Security Policies (for businesses)
Want Incredible AI Safety? Discover How to Easily Defeat ‘Man in the Prompt’ Attacks.
Large Language Models, or LLMs, are powerful AI tools that many people use daily. You might know them as ChatGPT, Gemini, or other assistants that help with writing, research, and more. As these tools become more common in our work and personal lives, they also attract new kinds of dangers. One of these is a sneaky attack called the “Man in the Prompt”.
This problem is a bit like the well-known “Man-in-the-Middle” attack, where a criminal secretly gets in the middle of a conversation to spy or change what is being said. The “Man in the Prompt” attack is similar but happens right inside your web browser. It uses browser extensions—the small tools you add to your browser for extra features—to carry out its mission.
How Does the Attack Work?
Imagine you are talking to an AI assistant through a chat window on a website. You type in a question or a command, known as a “prompt.” The “Man in the the Prompt” attack uses a malicious browser extension to secretly change your prompt before the AI even sees it.
Here is how it happens, step-by-step:
- An attacker gets control of a browser extension. This might be an extension they created to be harmful, or they could buy a popular, trusted extension and add bad code to it through an update.
- You have this extension installed in your browser. It seems to work fine, so you trust it.
- When you visit an AI website and type a prompt, the extension springs into action. It injects hidden instructions into what you typed.
- The AI receives the new, altered prompt and follows the secret instructions. You don’t see that anything has changed.
Because the attack happens on your computer, within your browser, it bypasses many traditional security systems that watch for outside threats. The AI tool and the website it’s on may not realize the prompt has been manipulated.
The Dangers of a Hijacked Prompt
This kind of attack is a serious threat because it can lead to several harmful outcomes, often without you ever knowing. The risks are significant, especially when you use AI for sensitive tasks related to your finances or work.
Stealing Sensitive Information
If you ask an AI to summarize a confidential work document or an email, an attacker could add a hidden command like, “and send a copy of this summary to the attacker’s server”. This could leak company secrets, financial data, or personal information.
Manipulating AI Responses
The attack can be used to change the answers the AI gives you. An attacker could make the AI provide false information or guide you to a malicious website.
Taking Over Your Actions
By injecting commands, an attacker could trick the AI into performing actions on your behalf, like sending emails or accessing other connected services, such as your cloud files.
Widespread Impact
This vulnerability affects many popular AI platforms, including ChatGPT, Google Gemini, Claude, and others that run in a browser, putting a vast number of users at risk.
Internal AI systems used by companies are especially attractive targets. These systems are often trained on valuable proprietary data, such as financial plans or secret product designs, making them a goldmine for an attacker.
How to Protect Yourself and Your Company
Defending against “Man in the Prompt” attacks requires being careful about what you allow to run in your browser. Here are some clear steps you can take:
Audit Your Browser Extensions
Regularly review the extensions you have installed. Remove any that you don’t recognize or no longer use. Be very careful with extensions that ask for permission to read or change data on all websites you visit.
Use Only Trusted Extensions
Stick to extensions from well-known, reputable developers. Be cautious of installing new or unknown tools, even if they seem useful.
Separate Your Browsing
Consider using a different web browser or a separate browser profile just for interacting with AI tools. This can help isolate them from potentially malicious extensions you might use for other tasks.
Implement Security Policies (for businesses)
Companies should enforce strict rules about which browser extensions employees can install. Using security tools that can monitor for strange behavior at the browser level can also help detect and block these kinds of attacks.
For businesses building their own internal LLMs, it is wise to take extra steps. This includes designing the AI environment to be isolated from the main browser activity and using analytics to spot unusual queries or data patterns that might signal an attack.