Major Android and iOS generative artificial intelligence app developer Vyro AI had 116 GB of user logs from its ImagineArt, Chatly, and Chatbotx apps inadvertently exposed in real-time by an unprotected Elasticsearch server, Cybernews reports.Up to a week's worth of logs in production and development environments, including AI prompts, bearer authentication tokens, and user agent information, were part of the misconfigured database, according to Cybernews researchers, who also noted the potential data exploitation for user behavior monitoring, data exfiltration, and account hijacking."Takeovers may result in access to full chat history, access to generated images, or could be abused to illegitimately purchase AI tokens, which could later be used for malicious purposes," researchers added.Such a development indicates the continued lack of AI safeguards, with ChatGPT and Grok found to have a feature that unintentionally revealed users' conversations on Google search, while Expedia's AI chatbot was discovered to answer queries about making Molotov cocktails.
AI/ML, Data Security
Misconfiguration prompts immense generative AI app data exposure

An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



