logoalt Hacker News

wxwtoday at 5:48 PM5 repliesview on HN

> Attacker leaves the comment on a creator's video.

> Creator opens YouTube studio's comment tab.

> Creator clicks a suggested AI prompt (Designed by YouTube)

> Injection fires, attacker-controlled content appears in the response.

It's insane that YouTube doesn't see prompt injection as a bug.


Replies

jdifftoday at 6:03 PM

It opens a can of worms for them if they do consider prompt injection a bug because there's ultimately no defense. If they accept this, there are instantly hundreds of other moles they now have to whack or pay out for.

Or dismiss them all as social engineering and keep it moving.

Dylan16807today at 5:55 PM

Yeah, if going to site and just clicking a link given to me by the site itself is getting socially engineered, then something is very wrong with that site.

show 1 reply
muldvarptoday at 5:58 PM

Well prompt injection is pretty much unfixable. So if they actually saw this as a security vulnerability they would have to remove this feature.

show 1 reply
latexrtoday at 7:00 PM

> It's insane that YouTube doesn't see prompt injection as a bug.

Insane but not unexpected, from the company who literally sang at us that “there’s no wrong way to prompt”.

https://www.youtube.com/watch?v=9bBfYX8X5aU&t=48s

IshKebabtoday at 7:17 PM

I dunno this seems like a quite far fetched attack with minimal impact in the very unlikely case that it succeeds.