"Hacker plants false memories in ChatGPT to steal user data in perpetuity"
Flaw in long-term memory in chatbots that try too hard to be personal assistants?
"Rehberger found that memories could be created and permanently stored through indirect prompt injection, an AI exploit that causes an LLM to follow instructions from untrusted content such as emails, blog posts, or documents. The researcher demonstrated how he could trick ChatGPT into believing a targeted user was 102 years old, lived in the Matrix, and insisted Earth was flat and the LLM would incorporate that information to steer all future conversations. These false memories could be planted by storing files in Google Drive or Microsoft OneDrive, uploading images, or browsing a site like Bing -- all of which could be created by a malicious attacker."
Hacker plants false memories in ChatGPT to steal user data in perpetuity
