writeups.xyz / AI

Title Vulnerabilities Programs Authors
Unmasking Harmful Content in a Medical Chatbot: A Red Team Perspective
Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms
AI Under Siege: Discovering and Exploiting Vulnerabilities
Unveiling Remote Code Execution in AI chatbot workflows 💵
Jailbreak of Meta AI (Llama-3.1) revealing configuration details
Zeroday on Github Copilot
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
ShellTorch Explained: Multiple Vulnerabilities in PyTorch Model Server (TorchServe) (CVSS 9.9, CVSS 9.8) Walkthrough
Sorry, ChatGPT Is Under Maintenance: Persistent Denial of Service through Prompt Injection and Memory Attacks
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations
Preauth RCE on NVIDIA Triton Server
GitHub Copilot Chat: From Prompt Injection to Data Exfiltration
Dumping a Database with an AI Chatbot
The risk in malicious AI models: Wiz Research discovers critical vulnerability in AI-as-a-Service provider, Replicate
Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix
Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations
From ChatBot To SpyBot: ChatGPT Post Exploitation
Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data
New Google Gemini Vulnerability Enabling Profound Misuse
We Hacked Google A.I. for $50,000
XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT
ChatGPT Account Takeover - Wildcard Web Cache Deception