Bobby Tables but with LLM Apps - Google NotebookLM Data Exfiltration
Summary
Google's NotebookLM is a tool that lets users upload files for an AI to analyze, but it is vulnerable to prompt injection (tricking the AI by hiding instructions in uploaded files), which can manipulate the AI's responses and expose what users see. The tool also has a data exfiltration vulnerability (attackers stealing information) when processing untrusted files. There is currently no known way to prevent these attacks, so users cannot fully trust the AI's responses when working with files from unknown sources.
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://embracethered.com/blog/posts/2024/google-notebook-ml-data-exfiltration/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 85%