- IBM’s GenAI Tool ‘Bob’ Is Vulnerable to Indirect Prompt Injection Attacks During Beta Testing
- CLI faces risks of prompt injection; IDE exposed to AI-specific data exfiltration vectors
- Exploitation requires “always allow” permissions, allowing arbitrary shell scripts and malware deployment.
IBM’s generative artificial intelligence (GenAI) tool, Bob, is susceptible to the same dangerous attack vector as most other similar tools: indirect prompt injection.
Indirect prompt injection occurs when the AI tool is allowed to read content found in other apps, like email or calendar.
A malicious actor can then send a seemingly innocuous email, or calendar entry, containing a hidden prompt that instructs the tool to perform nefarious tasks, such as exfiltrating data, downloading and executing malware, or establishing persistence.
Risky permissions
Recently, security researchers at PromptArmor released a new report stating that IBM’s Coding Agent, currently in beta, can be accessed either via CLI (a terminal-based Coding Agent) or IDE (an AI-powered editor). The CLI is vulnerable to prompt injection, while the IDE is vulnerable to “known AI-specific data exfiltration vectors.”
“We chose to disclose this work publicly to ensure that users are aware of the acute risks of using the system before its full release,” they said. “We hope that additional protections will be put in place to address these risks for IBM Bob’s General Access version.”
There is, however, a major caveat here. For attackers to exploit this attack vector, users must first configure Bob to grant it extended permissions. Namely, the “always allow” permission must be enabled for any command.
This is quite a challenge, even for the least security-conscious users. Since the tool is still in beta, we don’t know if this permission is enabled by default, but we doubt it is.
In any case, PromptArmor claims that the vulnerability allows threat actors to deliver an arbitrary shell script payload to the victim, leveraging known and custom malware variants to carry out different cyberattacks, such as ransomware, credential theft, spyware, device takeover, botnet assimilation, and more.
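To make the “always allow” caveat concrete, here is an added example (not code from IBM, Bob, or the PromptArmor report) of a command-approval gate for a coding agent. The policy model, the `*` wildcard, and all names are assumptions for illustration; the sample commands are constructed.

```python
import shlex

# Hypothetical policy model; these names are assumptions, not IBM Bob's settings.
ALWAYS_ALLOW_ANY = "*"                 # blanket "always allow" for any command
SHELL_META = set(";|&$`<>(){}\n")      # chaining, substitution, redirection

def decide(command, auto_approved):
    """Return 'run' if the agent may execute without asking, else 'ask'."""
    if ALWAYS_ALLOW_ANY in auto_approved:
        return "run"                   # no human ever sees the command
    if any(ch in SHELL_META for ch in command):
        return "ask"                   # compound commands always need review
    try:
        argv = shlex.split(command)
    except ValueError:
        return "ask"                   # unbalanced quotes: do not guess
    for entry in auto_approved:
        prefix = shlex.split(entry)    # match on full argv prefix, not just the binary
        if prefix and argv[:len(prefix)] == prefix:
            return "run"
    return "ask"

def review_queue(proposed, auto_approved):
    """Commands that would still be shown to the user for approval."""
    return [c for c in proposed if decide(c, auto_approved) == "ask"]

# Constructed samples: commands an agent might propose after reading
# untrusted content that carries hidden instructions.
PROPOSED = [
    "git status",
    "git status && sh ./fetched_script.sh",
    "sh ./fetched_script.sh",
]

if __name__ == "__main__":
    print("narrow allowlist:", review_queue(PROPOSED, {"git status"}))
    print("always allow any:", review_queue(PROPOSED, {ALWAYS_ALLOW_ANY}))
```

With a narrow allowlist the two script-running commands still reach the user for approval; with the blanket setting the review queue is empty, which is the precondition the article describes.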
Via: PromptArmor




