This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats

When talking with a chatbot, you might inevitably give up your personal information—your name, for instance, and maybe details about where you live and work, or your interests. A group of security researchers from the University of California, San Diego and Nanyang Technological University in Singapore are now revealing a new attack that secretly commands an LLM to gather your personal information—including names, ID numbers, payment card details, email addresses, mailing addresses, and more—from chats and send it directly to a hacker.

“The effect of this particular prompt is essentially to manipulate the LLM agent to extract personal information from the conversation and send that personal information to the attacker’s address,” says Xiaohan Fu, the lead author of the research and a computer science PhD student at UCSD. “We hide the goal of the attack in plain sight.”

The eight researchers behind the work tested the attack method on two LLMs, LeChat by French AI giant Mistral AI and Chinese chatbot ChatGLM. In both instances, they found they could stealthily extract personal information within test conversations—the researchers write that they have a “nearly 80 percent success rate.” Mistral AI tells WIRED it has fixed the security vulnerability—with the researchers confirming the company disabled one of its chat functionalities.