Researchers from Radware discovered a new exploit chain called “ZombieAgent” that leverages ChatGPT’s long-term memory and connector features to enable more severe indirect prompt injection (IPI) attacks. By planting malicious instructions in ChatGPT’s memory, attackers can persistently exfiltrate sensitive information from connected platforms. OpenAI has addressed this exploit by restricting ChatGPT’s ability to modify URLs, but further structural fixes are needed to enhance the security of AI agents.
https://www.darkreading.com/endpoint-security/chatgpt-memory-feature-prompt-injection

