> Attacker leaves the comment on a creator's video.
> Creator opens YouTube studio's comment tab.
> Creator clicks a suggested AI prompt (Designed by YouTube)
> Injection fires, attacker-controlled content appears in the response.
It's insane that YouTube doesn't see prompt injection as a bug.
Yeah, if going to site and just clicking a link given to me by the site itself is getting socially engineered, then something is very wrong with that site.
Well prompt injection is pretty much unfixable. So if they actually saw this as a security vulnerability they would have to remove this feature.
> It's insane that YouTube doesn't see prompt injection as a bug.
Insane but not unexpected, from the company who literally sang at us that “there’s no wrong way to prompt”.
I dunno this seems like a quite far fetched attack with minimal impact in the very unlikely case that it succeeds.
It opens a can of worms for them if they do consider prompt injection a bug because there's ultimately no defense. If they accept this, there are instantly hundreds of other moles they now have to whack or pay out for.
Or dismiss them all as social engineering and keep it moving.