Ethical Hacking News
The Invisible Menace: Man-in-the-Prompt Threatens AI Security
A new type of attack is alarming the cyber security world: it is called Man-in-the-Prompt, and it can compromise interactions with leading generative artificial intelligence tools such as ChatGPT, Gemini, Copilot, and Claude. It does not even require sophisticated tooling: a browser extension is all it takes.
In this article, we will explore the details of the Man-in-the-Prompt threat, its risks, and how individuals and businesses can protect themselves from these attacks.
The "Man-in-the-Prompt" attack exploits the fact that a browser extension's content script runs inside the web page and can read and rewrite the page's DOM, including the text box in which the user types a prompt to a browser-based AI tool. That lets the extension inject malicious instructions into the prompt and steal data from the response. The attack is invisible to the user and, according to LayerX, can be launched by any browser extension, even one without elevated permissions. LayerX also reports that 99% of business users have at least one extension installed in their browser, so the exposure is broad. The attack can compromise AI tools such as ChatGPT, Gemini, Copilot, and Claude, and steal sensitive data such as source code or financial information. Mitigation strategies include reviewing installed extensions, limiting their permissions, blocking or monitoring extensions on company devices, isolating AI tools from sensitive data, and using runtime security solutions that watch for DOM manipulation.
Man-in-the-Prompt is a newly described attack on the way people interact with generative AI tools in the browser. It is invisible to the user and capable of compromising interactions with leading generative AI tools such as ChatGPT, Gemini, Copilot, and Claude.
According to LayerX Security researchers, any browser extension, even one without special permissions, can access the prompts of both commercial and internal LLMs (Large Language Models) and inject malicious instructions into them to steal data, exfiltrate it, and cover its tracks. LayerX says the vector was tested against all top commercial LLMs, with proof-of-concept demos published for ChatGPT and Google Gemini.
So, how does the attack work? The user opens ChatGPT or another AI tool in the browser. The malicious extension's content script, which runs inside the page with access to its DOM, reads the text in the prompt box before it is sent. It rewrites the prompt, for example by appending hidden instructions (prompt injection) that steer the model into including sensitive data in its answer, then reads the response from the page, sends it to the attacker, and cleans up after itself. The user sees a seemingly normal response, but behind the scenes data has already been stolen or the session compromised.
LayerX reports that the technique works on all major AI tools, including ChatGPT, Gemini, Copilot, and Claude, and that 99% of business users have at least one extension installed in their browser. Taken together, these two facts make the risk exposure very high.
The concrete risks associated with Man-in-the-Prompt are serious, especially for businesses. Theft of sensitive data, manipulation of responses, and bypassing of security controls are just a few of the potential consequences. If an AI tool processes confidential information (source code, financial data, internal reports), the attacker can read or extract it through modified prompts.
To mitigate these risks, individual users can take several steps. Regularly check installed extensions and uninstall those that are not necessary. Do not install extensions from unknown or unreliable sources. Limit extension permissions whenever possible, in particular site access: an extension that only needs to run when clicked should be set to "on click" rather than "on all sites", since it is the ability to run on the AI tool's page that makes the attack possible. For businesses, blocking or actively monitoring browser extensions on company devices is recommended. Isolating AI tools from sensitive data, when possible, also limits what an attack can reach.
Furthermore, runtime security solutions that monitor the DOM (Document Object Model) and detect manipulation of input fields can help catch Man-in-the-Prompt attacks. Performing security tests on prompt flows that simulate injection attacks is another measure. So-called prompt signing, digitally signing the prompt so that its integrity can be verified before it is sent, is an emerging measure; note that the verification has to happen somewhere the extension cannot reach, because an extension that can rewrite the page can also inject script into it and patch a check that lives there.
Finally, it is worth placing the attack in context: Man-in-the-Prompt is a delivery mechanism for prompt injection, which the OWASP Top 10 for LLM Applications 2025 lists as LLM01, one of the most serious threats to AI systems. Injected instructions need not come from an extension at all; they can also be hidden in seemingly harmless external content that the model is asked to process, such as emails, links, or comments in documents.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Invisible-Menace-Man-in-the-Prompt-Threatens-AI-Security-ehn.shtml
https://securityaffairs.com/181211/cyber-crime/man-in-the-prompt-the-invisible-attack-threatening-chatgpt-and-other-ai-systems.html
https://cybersecuritynews.com/man-in-the-prompt-attack/
https://malwaretips.com/blogs/how-to-remove-chatgpt-malware-virus-removal-guide/
https://iti.illinois.edu/news/chatgpt-malware
https://cybersecuritynews.com/google-gemini-for-workspace-vulnerability/
https://www.foxnews.com/tech/google-ai-email-summaries-can-hacked-hide-phishing-attacks
Published: Sat Aug 16 13:04:44 2025 by llama3.2 3B Q4_K_M