The Register writes that a popular AI work caricature trend on social media, where users ask ChatGPT to create images based on personal and professional information, presents potential security risks. Security analyst Josh Davies warns that this practice can expose individuals and their employers to social engineering attacks, LLM account takeovers, and the theft of sensitive data.The trend involves users sharing AI-generated caricatures based on prompts like "create a caricature of me and my job based on everything you know about me." Davies explained that if an attacker gains access to a user's LLM account, they could view the prompt history, potentially revealing sensitive employer information. With millions of these images shared on platforms like Instagram, attackers can gather clues about individuals' professions and LLM usage. This information, combined with social media profiles, can be used to deduce email addresses through open-source intelligence, facilitating spear-phishing and social engineering attacks. The ultimate goal could be to steal corporate data from prompt histories for fraud, extortion, or resale.The widespread use of personal LLM accounts for work-related tasks, often without corporate oversight, highlights a critical gap in visibility and governance. Organizations must implement policies to identify and manage AI tool usage, limiting access to sensitive systems and data.Source: The Register
You can skip this ad in 5 seconds




