Clickable Link Rendering

Type: technique

Description: The adversary gets AI to present a URL to the user, which is rendered as a link, and can be clicked by a user. The URL leads to an attacker-controlled website, allowing the adversary to exfiltrate data through URL parameters. Variants include HTML tags and markdown.

The URL can also lead to controlled domain, where the URL is automatically chosen based on answers to a series of questions the AI system answers, allowing the adversary to leak the answers to those questions by the choice of a granular web link.

Version: 0.1.0

Created At: 2025-07-23 10:23:39 -0400

Last Modified At: 2025-07-23 10:23:39 -0400


External References