""While many have been discussing the privacy risks of people following the ChatGPT caricature trend, the prompt reveals something else alarming - people are talking to their LLMs about work," said Josh Davies, principal market strategist at Fortra, in an email to eSecurityPlanet. He added, "If they are not using a sanctioned ChatGPT instance, they may be inputting sensitive work information into a public LLM. Those who publicly share these images may be putting a target on their back for social engineering attempts, and malicious actors have millions of entries to select attractive targets from.""
"Davies explained, "If an attacker is able to take over the LLM account, potentially using the detailed information included in the image for a targeted social engineering attack, then they could view the prompt history and search for sensitive information shared with the LLM.""
"He also added, "This trend doesn't just highlight a privacy risk, but also the risk of shadow AI and data leakage in prompts - where organizations lose control of their sensitive data via employees irresponsibly using AI.""
A viral ChatGPT caricature trend prompts users to reveal job roles and AI interactions by sharing generated images and prompts publicly. Unsanctioned use of public LLMs can lead employees to input sensitive work information into services beyond organizational control. Publicly shared outputs create attractive targets for social engineering, and account takeover could expose prompt histories and any sensitive data submitted. The trend exemplifies shadow AI and increases the risk of data leakage through prompts. The OWASP LLM Top Ten lists Sensitive Information Disclosure as a top LLM risk, covering scenarios where entered data becomes accessible to unauthorized parties.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]