==============================
== #Probllama by OpenShield ==
==============================

ChatGPT Prompt Injection Attack via Single-Pixel Image

A new prompt injection attack targets users of the ChatGPT web version, allowing modification of chatbot answers with an invisible single-pixel markdown image that exfiltrates sensitive chat data to a malicious third-party. The attack can be extended to affect all future answers and make the injection persistent. It combines a set of tricks to deceive users without exploiting any vulnerabilities.

The attack scenario involves a user copying text from an attacker’s website, with the malicious prompt injected into the copied text. When the user sends this text to ChatGPT, the chatbot appends a single-pixel image to its response, sending the sensitive data to the attacker’s server. This can lead to sensitive data leakage, insertion of phishing links, and pollution of ChatGPT output.

More details here