News Score: Score the News, Sort the News, Rewrite the Headlines

Grok 3 is highly vulnerable to indirect prompt injection

Grok 3 is highly vulnerable to indirect prompt injection. xAI's new Grok 3 is so far exclusively deployed on Twitter (aka "X"), and apparently uses its ability to search for relevant tweets as part of every response. This is one of the most hostile environments I could imagine with respect to prompt injection attacks! Here, Fabian Stelzer notes that you can post tweets containing both malicious instructions and unique keywords in a way that will cause any future query to Grok that mentions those...

Read more at simonwillison.net
