{"data":{"id":"5dda2386-84c2-4f49-b202-ccc635b3a8c5","title":"The dangers of AI agents unfurling hyperlinks and what to do about it","summary":"Unfurling is when an application automatically expands hyperlinks to show previews, which can be exploited in AI chatbots to leak data. When an attacker uses prompt injection (tricking an AI by hiding instructions in its input) to make the chatbot generate a link containing sensitive information from earlier conversations, the unfurling feature automatically sends that data to a third-party server, potentially exposing private information.","solution":"To disable unfurling in Slack Apps, modify the message creation function to include unfurl settings in the JSON object: set \"unfurl_links\": False and \"unfurl_media\": False when creating the message, as shown in the example code: def create_message(text): message = { \"text\": text, \"unfurl_links\": False, \"unfurl_media\": False } return json.dumps(message)","labels":["security","safety"],"sourceUrl":"https://embracethered.com/blog/posts/2024/the-dangers-of-unfurling-and-what-you-can-do-about-it/","publishedAt":"2024-04-03T04:00:48.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["prompt_injection","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Slack","LLM-powered Chatbots"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}