AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection

mediumnewsLLM-Specific

securityresearch

Source: Embrace The RedDecember 6, 2024

Summary

LLMs (large language models) can output ANSI escape codes (special control characters that modify how terminal emulators display text and behave), and when LLM-powered applications print this output to a terminal without filtering it, attackers can use prompt injection (tricking an AI by hiding instructions in its input) to make the terminal execute harmful commands like clearing the screen, hiding text, or stealing clipboard data. The vulnerability affects LLM-integrated command-line tools and applications that don't properly handle or encode these control characters before displaying LLM output.

Classification

Attack Type

Prompt Injection

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

Affected Vendors

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 92%