skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Researchers Identify Vulnerabilities in DeepSeek and Claude AI

/ 1 min read

🛡️ Security Flaw in DeepSeek AI Chatbot Exposed A recently discovered vulnerability in the DeepSeek AI chatbot could allow attackers to take control of user accounts through prompt injection attacks. Security researcher Johann Rehberger demonstrated that a specific input could trigger the execution of JavaScript code, leading to cross-site scripting (XSS) attacks that compromise user sessions. This flaw enables attackers to access sensitive data, including session tokens stored in local storage. Additionally, Rehberger highlighted similar risks in other AI tools, such as Anthropic’s Claude, which could be manipulated to execute malicious commands. Researchers also found that OpenAI’s ChatGPT could be tricked into rendering harmful external links, emphasizing the need for developers to treat AI outputs as untrusted data.

Source
{entry.data.source.title}
Original