
AI Prompt Injection: The Critical Red Line #shorts

BSides Frankfurt · 2:08 · 256 views · Published 2026-03
About this talk
An attacker could exploit AI-exposed functions like 'joov' to order free moving boxes. But a critical human check prevents misuse. Don't grant the AI excessive authority; maintain human oversight to secure your applications. #AISecurity #PromptInjection #AICriticalPoint #HumanOversight
Transcript [en]

As an attacker, if you would look into this and you see the words IBAN and wallet, you might want to think, oh, I actually really want to know what the functionality of those things is. But there was another one which is called "joov", a very interesting function. It looks pretty funny, because this function starts a service for when a customer is moving and wants to get free moving boxes, right? So we kind of thought, yeah, let's try that. And you can actually just do it: you can just tell the GPT to call "joov", which is the name of the function, and it just calls the function, whatever. So it exactly knows, yeah, that I have this function "joov", I'm calling it, I need information to parameterize it, give me the information that we need. So we just talk through this and also give it an address, give it all the specifics that we need, and it basically tells us, thank you very much, would you like to do anything else? And the process ends right there.

So, and now there is actually, out of this example that we're going to finish now, a very, very serious critical point popping out of this, because this is the red line. And to be honest, this is the point that we want to make on how you secure your AI, because what happens next is that we get a mail from an actual human, presumably. We don't know. We were thinking about prompt injection on that email also, but we didn't. You get an email from a human that is actually saying: you're not in the database, we cannot find you, you do not have this contract, we're sorry, but we cannot send you the moving boxes. And this is absolutely exactly how, state-of-the-art right now and probably for the next years, you should implement your AI applications. You should not give it excessive authority on sending the [ __ ] moving boxes to somewhere. You should have a human check this stuff

and do not cross this red
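The control the speaker describes, a consequential tool call (the "joov" order that ships free moving boxes) that the model may request but that is never executed until a human has reviewed it, written out as an added example that is not code from the talk or from the application discussed; the tool names, the customer table and the dispatcher are assumed for illustration:

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample data: the only customer that actually holds a contract.
CONTRACTS = {"C-1001": "Alice Example"}
SHIPPED: list[dict] = []  # records what really went out the door

def lookup_customer(customer_id: str) -> str:
    """Read-only tool: safe for the model to call on its own."""
    return CONTRACTS.get(customer_id, "not found")

def joov_order(customer_id: str, address: str) -> str:
    """Side-effecting tool (hypothetical): ships physical goods, never auto-run."""
    SHIPPED.append({"customer_id": customer_id, "address": address})
    return f"boxes shipped to {address}"

@dataclass
class Tool:
    fn: Callable[..., str]
    needs_human: bool  # True for anything irreversible, costly or physical

@dataclass
class Dispatcher:
    tools: dict[str, Tool]
    queue: dict[int, dict] = field(default_factory=dict)
    next_ticket: int = 1

    def handle_call(self, call: dict) -> dict:
        """A model-requested call is run, parked for review, or rejected."""
        tool = self.tools.get(call.get("name"))
        if tool is None:
            return {"status": "rejected", "reason": "unknown tool"}
        if tool.needs_human:
            ticket, self.next_ticket = self.next_ticket, self.next_ticket + 1
            self.queue[ticket] = call
            return {"status": "pending_review", "ticket": ticket}
        return {"status": "done", "result": tool.fn(**call["arguments"])}

    def review(self, ticket: int, approved: bool) -> dict:
        """Human decision: only an explicit approval executes the parked call."""
        call = self.queue.pop(ticket)
        if not approved:
            return {"status": "rejected", "reason": "human reviewer declined"}
        return {"status": "done", "result": self.tools[call["name"]].fn(**call["arguments"])}

DISPATCHER = Dispatcher({
    "lookup_customer": Tool(lookup_customer, needs_human=False),
    "joov": Tool(joov_order, needs_human=True),
})
```

Whatever the model is talked into requesting, the side-effecting path only ever produces a review ticket; the reviewer's check against the contract table is what decides whether anything ships.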