Fun stuff from my team mates Rene Rehme @renereh1, Nina Piontek and @kantorkel:
"Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required."
We don't need to hack your AI Agent to hack your AI Agent - SRLabs Research
We strolled through an enterprise AI assistant's backend, helped ourselves to full application takeover and access to every chat log, and had a Microsoft Entra ID dump for dessert — no prompt injection, no model tricks, no AI expertise required.
SRLabs (srlabs.de)
Security Research Labs (@srlabs@infosec.exchange)
We don't need to hack your AI Agent to hack your AI Agent …and we don't need an AI agent for that either :) Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required. For all we know, the poor agent was not at fault and may not have even been able to witness what was happening. https://srlabs.de/blog/hacking-ai-agent #AI #AIhacking #VulnerabilityDisclosure #ResponsibleDisclosure
Infosec Exchange (infosec.exchange)
@linuzifer @renereh1 @kantorkel Django debug mode in OWASP Top 10 when?