Claude AI and other systems could be vulnerable to worrying command prompt injection attacks

11 December 2024, 01:57 published

[ad_1]

Security researchers tricked Anthropic’s Claude Computer Use to download and run malware
They say that other AI tools could be tricked with prompt injection, too
GenAI can be tricked to write, compile, and run malware, as well

In mid-October 2024, Anthropic released Claude Computer Use, an Artificial Intelligence (AI) model allowing Claude to control a device – and researchers have already found a way to abuse it.

Cybersecurity researcher Johann Rehnberger recently described how he was able to abuse Computer Use and get the AI to download and run malware, as well as get it to communicate with its C2 infrastructure, all through prompts.

While it sounds devastating, there are a few things worth mentioning here: Claude Computer Use is still in beta, and the company did leave a disclaimer saying that Computer Use might not always behave as intended: “We suggest taking precautions to isolate Claude from sensitive data and actions to avoid risks related to prompt injection.” Another thing worth noting is that this is a prompt injection attack, fairly common against AI tools.

“Countless ways” to abuse AI

Rehnberger calls his exploit ZombAIs, and says he was able to get the tool to download Sliver, a legitimate open source command-and-control (C2) framework developed by BishopFox for red teaming and penetration testing, but it is often misused by cybercriminals as malware.

Threat actors use Sliver to establish persistent access to compromised systems, execute commands, and manage attacks in a similar way to other C2 frameworks like Cobalt Strike.

Rehnberger also stressed that this is not the only way to abuse generative AI tools, and compromise endpoints via prompt injection.

“There are countless others, like another way is to have Claude write the malware from scratch and compile it,” he said. “Yes, it can write C code, compile and run it.”

“There are many other options.”

In its writeup, The Hacker News added DeepSeek AI chatbot was also found vulnerable to a prompt injection attack that could allow threat actors to take over victim computers. Furthermore, Large Language Models (LLM) can output ANSI escape code, which can be used to hijack system terminals via prompt injection, in an attack dubbed Terminal DiLLMa.

[ad_2]

Source link

Joy

Cong.

Loved

Surprised

Unliked

Mad

Claude AI and other systems could be vulnerable to worrying command prompt injection attacks

Comment

Claude AI and other systems could be vulnerable to worrying command prompt injection attacks

Write a Reply Cancel

You may be interested

The Galaxy S25 could have genuinely useful AI features that trump Apple Intelligence – including these 5 tricks

I’ve been waiting years for ChatGPT’s new Tasks feature – here’s how I’m planning to use it to organize my life

Wrexham’s new stadium plans get even BIGGER after Ryan Reynolds revealed vision for 55,000-seater ground

150TB SSD modules to go mainstream in 2025, and Micron is getting a slice of that pie

Nvidia abandons the problematic 12VHPWR RTX 4080 power connector with a much longer one for the RTX 5080 FE according to leaked images

Transfer news LIVE: Saudis set to offer Mohamed Salah £65m, Marcus Rashford EXCLUSIVE, Trent Alexander-Arnold TWIST

L’Oreal’s new skin testing suite paid me such a nice compliment, I nearly stole it from the demo room

Israel, Hamas appear to agree on tentative Gaza ceasefire deal: officials – National

Thousands of WordPress websites hit in new malware attack, here’s what we know

Privacy of millions worldwide compromised as huge data location broker got hacked

Claude AI and other systems could be vulnerable to worrying command prompt injection attacks

Share This Post

or copy the link

Related News

Write a Reply Cancel

You may be interested