Unlocking AI Functions: Your Attack Surface Guide #shorts

functions is a bit different and I would like to dive into this for just a second so you understand what those things are doing. Uh functions are basically um uh a way to tell the assistant I have this function and it's called weather data for example and what you're going to do with this is you are basically going to parameterize this function for me. So code let let me put it like this this function for me and then send it back to me so I can use this in my back end. So interfering with those functions is not giving you a code execution or something like that. It's just called a function but it's actually just a parameterized

JSON that is coming back that you're taking in your application and then working on those things. Right. Yeah. So let's have some functions. So uh let's have some functions. Exactly. [laughter] Let's have some examples. So, um, one example, I mean, we apply prompt injection here. Um, we're not going to dive deep into how prompt injection work and what you do. Just go on Twitter and search for prompt injection and you will find like loads and loads and loads of examples and then they like red team against this and then people find other stuff uh how they can bypass it. So, we're not going to dive into this. So once you apply prompt injection, something that is working very very

efficiently and effectively as I just said, um you can extract those functions and basically those functions are the attack surface of the application that you're targeting as an attacker because it tells you all of the capabilities and basically the procedures the the the the functionality that you can use and that's what we want to know as an attacker.