Image Rendering

Type: technique

Description: The adversary gets AI to present an image to the user, which is rendered by the user's client application with no user clicks required. The image is hosted on an attacker-controlled website, allowing the adversary to exfiltrate data through image request parameters. Variants include HTML tags and markdown.

Version: 0.1.0

Created At: 2024-10-03 22:24:49 +0300

Last Modified At: 2024-10-03 22:24:49 +0300

External References

--> Exfiltration (tactic): An adversary can exfiltrate data by embedding it in the query parameters of an image, and getting AI to render it.
--> Content Security Policy (mitigation): Setting a Content Security Policy can mitigate this technique by disrupting an attacker's ability to provide a URL to a domain under their control.
<-- GitHub Copilot Chat: From Prompt Injection to Data Exfiltration (procedure): Rendering an image hosted on an attacker controlled domains with encoded data as a parameter, resulting in 0-click data exfiltration.

GenAI Attacks Matrix

Image Rendering

External References

Related Objects

Related Frameworks