- IBM’s GenAI tool “Bob” is vulnerable to indirect prompt injection attacks in beta testing
- CLI faces prompt injection risks; IDE exposed to AI-specific data exfiltration vectors
- Exploitation requires “always allow” permissions, enabling arbitrary shell scripts and malware deployment
IBM’s Generative Artificial Intelligence (GenAI) tool, Bob, is susceptible to the same dangerous attack vector as most other similar tools – indirect prompt injection.
Indirect prompt injection is when the AI tool is allowed to read the contents found in other apps, such as email, or calendar.
A malicious actor can then send a seemingly benign email, or calendar entry, which has a hidden prompt that instructs the tool to do nefarious things, such as exfiltrate data, download and run malware, or establish persistence.
Risky permissions
Recently, security researchers Prompt Armor published a new report, stating that IBM’s coding agent, which is currently in beta, can be accessed either through CLI (a terminal-based coding agent), or IDE (an AI-powered editor). CLI is vulnerable to prompt injection, while IDE is vulnerable to “known AI-specific data exfiltration vectors”.
“We have opted to disclose this work publicly to ensure users are informed of the acute risks of using the system prior to its full release,” they said. “We hope that further protections will be in place to remediate these risks for IBM Bob’s General Access release.”
There is a major caveat here, though. For the attackers to leverage this attack vector, users must first configure Bob to grant it broad permissions. Namely, the ‘always allow’ permission needs to be enabled – for any command.
That’s quite the stretch, even for the least security-conscious users out there. Since the tool is still in beta, we don’t know if that permission is enabled by default, but we doubt it will be.
In any case, Prompt Armor says the vulnerability allows threat actors to deliver an arbitrary shell script payload to the victim, leveraging known and custom malware variants to conduct different cyberattacks, such as ransomware, credential theft, spyware, device takeover, botnet assimilation, and more.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/cuJ2nHdA2cLngX4bhsHsye-2560-80.jpg
Source link
