Researchers Identify Vulnerabilities in DeepSeek and Claude AI
/ 1 min read
🛡️ Security Flaw in DeepSeek AI Chatbot Exposed A recently discovered vulnerability in the DeepSeek AI chatbot could allow attackers to take control of user accounts through prompt injection attacks. Security researcher Johann Rehberger demonstrated that a specific input could trigger the execution of JavaScript code, leading to cross-site scripting (XSS) attacks that compromise user sessions. This flaw enables attackers to access sensitive data, including session tokens stored in local storage. Additionally, Rehberger highlighted similar risks in other AI tools, such as Anthropic’s Claude, which could be manipulated to execute malicious commands. Researchers also found that OpenAI’s ChatGPT could be tricked into rendering harmful external links, emphasizing the need for developers to treat AI outputs as untrusted data.
