Granular Web Request Triggering

Type: technique

Description: The adversary triggers the AI system to issue a web request to an attacker-controlled domain, using questions about the data to choose which URL will be browsed. The request is triggered by the client application with no user clicks required.

Version: 0.1.0

Created At: 2024-10-03 22:24:49 +0300

Last Modified At: 2024-10-03 22:24:49 +0300


External References

  • --> Exfiltration (tactic): An adversary can exfiltrate data by asking questions about it and using the answers to choose which URL will be visited.
  • <-- Exfiltration of personal information from ChatGPT via prompt injection (procedure): Triggering web requests to multiple website pages www.attacker.com/send/<code>, where <code> is chosen based on the AI system's answers to the adversary's questions. In this scenario, the researcher uses <code> to exfiltrate a single-digit number of their postal code by choosing <code> with length proportional to that digit.
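
Detection sketch (an added example, not part of the original entry): a check over a client-side fetch log that flags conversations in which requests made without a user click hit the same host and parent path with several different final segments, the pattern described above. The log format, the `flag_granular_requests` name, the threshold and all sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: (conversation_id, user_clicked, url), as a client-side
# fetch log might record them. The log format itself is an assumption.
SAMPLE_LOG = [
    ("c1", False, "https://www.attacker.com/send/aaaa"),
    ("c1", False, "https://www.attacker.com/send/aa"),
    ("c1", False, "https://www.attacker.com/send/aaaaaaa"),
    ("c1", True,  "https://docs.example.org/guide/intro"),
    ("c2", False, "https://news.example.net/today"),
    ("c2", False, "https://news.example.net/today"),
]

def flag_granular_requests(log, min_variants=2):
    """Return findings for fetches made without a user click where one
    conversation requests the same host and parent path with several
    different final segments (the part that can carry the answer)."""
    groups = defaultdict(set)
    for conv, user_clicked, url in log:
        if user_clicked:
            continue  # the technique needs no click, so clicked links are out of scope
        parts = urlsplit(url)
        parent, _, leaf = parts.path.rpartition("/")
        if parts.query:
            leaf += "?" + parts.query  # a query string can vary the same way
        groups[(conv, parts.hostname or "", parent)].add(leaf)

    findings = []
    for (conv, host, parent), leaves in sorted(groups.items()):
        if len(leaves) >= min_variants:
            findings.append({
                "conversation": conv,
                "host": host,
                "parent_path": parent,
                "variants": len(leaves),
                # Lengths are reported because the value may be encoded in
                # the length of the segment rather than in its content.
                "leaf_lengths": sorted(len(leaf) for leaf in leaves),
            })
    return findings

if __name__ == "__main__":
    for finding in flag_granular_requests(SAMPLE_LOG):
        print(finding)
```

Repeated fetches of an identical URL are not flagged; only variation under a shared parent path within one conversation is, so the threshold should be tuned against the client's normal browsing behaviour.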