Scams & Phishing News Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack

[Brownie2019]

Content source

https://hackread.com/browser-extensions-exploit-chatgpt-gemini-man-in-the-prompt/

A new cyberattack method, dubbed Man in the Prompt, has been identified, allowing malicious actors to exploit common browser extensions to inject harmful instructions into leading generative AI tools like ChatGPT, Google Gemini, and others. This critical finding comes from a recent threat intelligence report by cybersecurity research firm LayerX.

According to researchers, it all starts with how most AI tools function within web browsers. Their prompt input fields are part of the web page’s structure (known as the Document Object Model, or DOM). This means that virtually any browser extension with basic scripting access to the DOM can read or alter what users type into AI prompts, even without requiring special permissions.

Read more:

Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

hackread.com