Exif Smuggling is a security PoC showing how attackers can embed hidden instructions in image EXIF metadata fields to perform indirect prompt injection against vision-capable AI models. When AI systems parse images alongside their metadata, embedded malicious text may be processed as legitimate instructions, bypassing standard input filters. Developers building AI apps with image upload features should strip or sanitize EXIF data before passing content to language models.
The author built a vulnerable React Native app with a Python backend and a Firebase access-control flaw. GPT 5.5 solved 7 of 10 runs, while Deepseek and Claude variants solved fewer of their runs. Many other models failed due to refusals, API-focused tunnel vision, false positives, or an inability to use the exposed Firebase path correctly.
Google DeepMind has announced a deepened collaboration with the UK AI Security Institute (UK AISI), with both parties committing to joint work on critical AI…
With the rapid proliferation of generative AI, AI safety has become a core concern that developers and enterprises can no longer ignore. However, traditional…
### Background: The Shortcomings of Static Safety Evaluations

As large language models (LLMs) are widely adopted across industries, AI safety has become an…
With the explosive growth of large language models (LLMs) such as ChatGPT, AI safety and ethics have become the most pressing concerns in the industry. This…