One Prompt HACKED Lenovo’s Chatbot
Author: David Bombal
Uploaded: 2025-09-04
Views: 107648
Description:
Researchers uncovered a critical cross-site scripting (XSS) vulnerability in Lenovo’s AI chatbot (reported by CyberNews). With one ~400-character prompt, they instructed the bot to output HTML, triggered a malicious injection trap, and exfiltrated active session cookies as soon as the conversation opened. When the chat moved to a human support agent, the attack could capture that agent’s cookies too. Root causes: weak input/output sanitisation and classic LLM “people-pleasing” behaviour. Potential impact: data theft, support system compromise, and lateral movement inside a network. In this video, I break down what happened, why it matters, and concrete areas where ethical hackers and bug bounty hunters can help organisations secure AI implementations.
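An added example (not from the video, CyberNews or Lenovo's code) of the output-handling weakness named above: chatbot replies are treated as untrusted data and HTML-encoded before rendering, with an HttpOnly session cookie as a second layer. The function names, the `bot-msg` class, the cookie name and the sample reply are assumptions constructed for illustration.

```javascript
// Treat LLM output as untrusted input to the page, exactly like user input.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of an HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: the model's reply is concatenated into markup unchanged,
// so any tag the model was talked into emitting becomes live HTML.
function renderUnsafe(reply) {
  return `<div class="bot-msg">${reply}</div>`;
}

// Hardened pattern: the reply is encoded, so it is displayed as text.
function renderSafe(reply) {
  return `<div class="bot-msg">${escapeHtml(reply)}</div>`;
}

// Detection aid: flag replies that contain tag-like markup so they can be logged
// and reviewed (a plain "<" in prose such as "< 10 hours" is not flagged).
function containsMarkup(reply) {
  return /<\s*\/?\s*[a-zA-Z][^>]*>/.test(reply);
}

// Defence in depth: HttpOnly keeps the session cookie out of reach of page script.
// It limits cookie theft but does not remove the injection itself.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Strict`;
}

// Constructed sample replies (not taken from the real incident).
const constructedReply = 'Here are the specs: <img src="x" onerror="console.log(1)">';
const benignReply = 'Battery life is < 10 hours & that is > average';

console.log(renderUnsafe(constructedReply)); // tag survives as markup
console.log(renderSafe(constructedReply));   // tag is shown as text
console.log(containsMarkup(constructedReply), containsMarkup(benignReply));
console.log(sessionCookieHeader('sid', 'abc 123'));
```

The same encoding has to be applied wherever the transcript is rendered, including the human agent's console, since the description notes the agent's session was exposed as well.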
// MENU //
0:00 - Intro
0:14 - Critical flaw plagues Lenovo AI
0:36 - Massive security oversight
0:44 - Key Takeaways
02:06 - Just another example of AI giving out information
02:09 - Final thoughts and conclusion
Disclaimer: This video is for educational purposes only.
#lenovo #chatbot #hacked