@munin Generally the tool calls are totally isolated from the text context, so it's pretty unlikely. Then again, if they use RAG you might be able to get it to fetch sensitive data if it exists in a connected database
well that's the thing - if they've hooked it up to have access to the email corpus in order to generate replies, that means the training data's potentially got some interesting shit in it.
@munin Yeah that'd be neat. I think there's a bunch of research out there to craft prompts to extract raw data. Personally I'd use an off the shelf model like phi3 with just a bit of prompting to save on costs 😅 Then again scammers probably have enough resources for going all out.