- IBM’s GenAI tool “Bob” is vulnerable to indirect, rapid injection attacks in beta testing
- CLI faces rapid injection risks; IDE exposed to AI-specific data exfiltration vectors
- Exploit requires “always allow” permissions, enabling arbitrary shell scripts and malware deployment
IBM’s Generative Artificial Intelligence (GenAI) tool, Bob, is susceptible to the same dangerous attack vector as most other similar tools – indirect prompt injection.
Indirect prompt injection is when the AI tool is allowed to read the content found in other apps, such as email or calendar.
A malicious actor can then send a seemingly benign email or calendar entry that has a hidden prompt that instructs the tool to do malicious things, such as exfiltrate data, download and run malware, or establish persistence.
Risky permissions
Recently, security researchers Prompt Armor published a new report stating that IBM’s encoding agent, which is currently in beta, can be accessed either via CLI (a terminal-based encoding agent) or IDE (an AI-powered editor). The CLI is vulnerable to rapid injection, while the IDE is vulnerable to “known AI-specific data exfiltration vectors”.
“We have chosen to publish this work to ensure that users are informed of the acute risks of using the system before its full release,” they said. “We hope that additional protections will be in place to mitigate these risks to IBM Bob’s General Access release.”
However, there is a big caveat here. In order for attackers to exploit this attack vector, users must first configure Bob to grant it broad permissions. Namely, the ‘always allow’ permission must be enabled – for any command.
That’s something, even for the least security-conscious users out there. Since the tool is still in beta, we don’t know if that permission is enabled by default, but we doubt it will be.
In any case, Prompt Armor says the vulnerability allows threat actors to deliver an arbitrary shell script payload to the victim, leveraging known and adapted malware variants to perform various cyberattacks, such as ransomware, credential theft, spyware, device takeover, botnet assimilation, and more.
Via; PromptArmor
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
