Bing Chat: Data Exfiltration Exploit Explained
mediumnewsLLM-Specific
security
Source: Embrace The RedJune 18, 2023
Summary
Bing Chat contained a prompt injection vulnerability (tricking an AI by hiding instructions in its input) where malicious text on websites could trick the AI into returning markdown image tags that send sensitive data to an attacker's server. When Bing Chat's client converts markdown to HTML, an attacker can embed data in the image URL, exfiltrating (stealing and sending out) information without the user knowing.
Classification
Attack Type
Prompt Injection
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Microsoft
Related Issues
Original source: https://embracethered.com/blog/posts/2023/bing-chat-data-exfiltration-poc-and-fix/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 85%