Artificial Intelligence (AI) browsers are gaining traction, which means we may need to start worrying about the potential dangers of something called “prompt injection.”

Large language models (LLMs)—like the ones that power AI chatbots including ChatGPT, Claude, and Gemini—are designed to follow “prompts,” which are the instructions and questions that people provide when looking up info or getting help with a topic. In a chatbot, the questions you ask the AI are the “prompts.” But AI models aren’t great at telling apart the types of commands that are meant for their eyes only (for example, hidden background rules that come directly from developers, like “don’t write ransomware“) from the types of requests that come from users.

To showcase the risks here, the web browser developer Brave—which has its own AI assistant called Leo—recently tested whether it could trick an AI browser into reading dangerous prompts that harm users. And what the company found caused alarm, as they wrote in a blog this week:

“As users grow comfortable with AI browsers and begin trusting them with sensitive data in logged in sessions—such as banking, healthcare, and other critical websites—the risks multiply. What if the model hallucinates and performs actions you didn’t request? Or worse, what if a benign-looking website or a comment left on a social media site could steal your login credentials or other sensitive data by adding invisible instructions for the AI assistant?”

Prompt injection, then, is basically a trick where someone inserts carefully crafted input in the form of an ordinary conversation or data, to nudge or outright force an AI into doing something it wasn’t meant to do.

For an AI browser, part of the input is the content of the sites it visits. So, it’s possible to hide indirect prompt injections inside web pages by embedding malicious instructions in content that appears harmless or invisible to human users but is processed by AI browsers as part of their command context.

ai-pocalypse Welcome to the age of ouroboros. Google’s AI Overviews (AIOs), which now often appear at the top of organic search results, are drawing around 10 percent of their sources from documents written by ... other AIs, according to a recent report. [...]

[...] “Is there anyone here who's OK with the idea that they may wake up one day and find they have no one left in the organization who knows how to code?” asked Gartner distinguished VP analyst Daryl Plummer during the keynote speech of the firm’s Symposium conference in Australia yesterday. [...]

It was bound to happen. The Darwin Awards are being extended to include examples of misadventures involving overzealous applications of AI.

[...] As the organizers say: "Why stop at individual acts of spectacular stupidity when you can scale them to global proportions with machine learning?"

Explore the data sets
See whose work tech companies are using to train their generative-AI models. Search for authors, YouTube channels and creators, or screenwriters—for example, Zadie Smith, MrBeast, or Aaron Sorkin. AI companies may omit certain works when training, so the presence of a work in a data set is not definitive proof that it was used. Companies often use multiple data sets in training, so the absence of a given work is also not proof that it hasn't been used. Note that some data sets contain multiple copies of certain works. Read our FAQ for additional information.

School kids are now using the phrase 'that's so AI' to describe things they don't believe and are untrue.... there's hope for the next generation after all.

BBC News - Fears over AI bubble bursting grow in Silicon Valley

https://www.bbc.com/news/articles/cz69qy760weo

Speaking as one who was around during the Dot.Com bubble this scenario feels almost inevitable. [...]

The orange Don's trade sanctions are just starting to bite so the realisation that the US economy is weak could well be the precipitating factor.

Donald could well be the prick that bursts the AI bubble.