What’s new: Researchers have discovered a jailbreak technique for OpenAI’s GPT-5 that allows it to produce illicit instructions by manipulating its conversational context. This method, termed Echo Chamber, combines narrative-driven steering to bypass ethical guardrails. Additionally, new zero-click AI agent attacks have been identified, which exploit vulnerabilities in cloud and IoT systems, enabling attackers to exfiltrate sensitive data without user interaction.
Who’s affected
Organizations utilizing GPT-5 and other AI agents in cloud-based environments, particularly those integrating with services like Google Drive and Jira, are at risk of data breaches and unauthorized access due to these vulnerabilities.
What to do
- Implement strict output filtering and monitoring for AI-generated content to mitigate risks associated with prompt injections.
- Regularly conduct red teaming exercises to identify and address vulnerabilities in AI systems.
- Educate staff on the potential risks of AI integrations and the importance of secure coding practices.
