Learn extra at:
Builders beware
AI instruments are all about dashing up and automating tedious and time consuming duties. Nonetheless, additionally they do the identical factor for prompt injection attackers. The exploit documented by Tracebit includes assumptions, however not unreasonable ones, that an attacker may exploit below real-world circumstances. In the meantime, the hunt is already underway to search out immediate injection flaws throughout a variety of contexts and instruments.
In brief, whereas Tracebit’s flaw is the primary found in Gemini CLI, it’s most likely not the final. The failings, categorized by Google as a excessive severity (V1) and precedence repair (P1), had been patched in Gemini CLI v0.1.14 launched on July 25, which is why we’re listening to about it now.
Past updating to the patched model of Gemini CLI, the perfect recommendation is all the time to run instruments in sandbox mode to isolate them from the host system. Google’s response to the disclosure, despatched to Tracebit, underlined the latter level: