Hypothesis

3 Matching Annotations

Last 7 days
www.csoonline.com www.csoonline.com

AI browsers can be tricked with malicious prompts hidden in URL fragments

1
1. tonz 29 Nov 2025
  
  in Public
  
  https://web.archive.org/web/20251129105205/https://www.csoonline.com/article/4097087/ai-browsers-can-be-tricked-with-malicious-prompts-hidden-in-url-fragments.html
  
  Named anchors in URLs can be used for prompt injection in AI browser assistants. # URL parts are only evaluated in browser, and not send to servers. AI assistants in browsers do read them though.
  
  ai-agents promptinjection browsers
Visit annotations in context

Tags

browsers

ai-agents

promptinjection

Annotators

tonz

URL

csoonline.com/article/4097087/ai-browsers-can-be-tricked-with-malicious-prompts-hidden-in-url-fragments.html
Apr 2023
greshake.github.io greshake.github.io

Prompt Injections are bad, mkay?

2
1. tonz 04 Apr 2023
  
  in Public
  
  https://web.archive.org/web/20230404050349/https://greshake.github.io/
  
  This site goes with this paper <br /> https://doi.org/10.48550/arXiv.2302.12173
  
  The screenshot shows a curious error which makes me a little bit suspicious: the reverse Axelendaer is not rednelexa, there's an a missing.
  
  prompting promptscams llm chatgpt promptinjection
2. tonz 04 Apr 2023
  
  in Public
  
  If allowed by the user, Bing Chat can see currently open websites.
  
  The mechanism needs a consent step from the user: to allow Bing Chat to see currently open websites. And one of those websites already open, needs to contain the promptinjection.
  
  promptscams promptinjection
Visit annotations in context

Tags

promptinjection

promptscams

chatgpt

llm

prompting

Annotators

tonz

URL

greshake.github.io/