{"data":{"id":"0f043a9e-94a1-4236-b7ca-73fb5edc5bc5","title":"Hacking Google Bard - From Prompt Injection to Data Exfiltration","summary":"Google Bard's new Extensions feature allows it to access personal data like YouTube videos, Google Drive files, Gmail, and Google Docs. Because Bard analyzes this untrusted data, it is vulnerable to indirect prompt injection (a technique where hidden instructions in documents trick an AI into performing unintended actions), which a researcher demonstrated by getting Bard to summarize videos and documents.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/","publishedAt":"2023-11-03T19:00:01.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google Bard","Google Drive","Google Docs","Gmail","YouTube"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}