Prompt Security

🚨 New vulnerability discovered in OpenAI's ChatGPT Crawler Security researcher Benjamin Flesch recently uncovered a significant vulnerability in OpenAI's ChatGPT crawler that could enable DDoS attacks. A single HTTP request to the ChatGPT API can be used to flood a targeted website with network requests from the ChatGPT crawler, leading to a DDoS/DDoW (distributed denial of wallet). Here's what you need to know: ⚠️ The vulnerability allows attackers to trigger thousands of requests per second to target websites using ChatGPT's crawler system 💻 No authentication token required - making this an easily exploitable security flaw 🌐 The crawler sends requests from multiple IP addresses, making it difficult for victims to block the attacks DDoW his not only degrades the quality of service for legitimate users but also can result in significant financial costs due to overuse of resources and token consumption. Thomas Claburn's wrote all about it here >> https://lnkd.in/eS57D7w7

Boarding call for Italy 🛫 We're proud to have been invited to present at the prestigious CyberFAST event of Accenture on how leading organizations are tackling GenAI Security and Governance. Want to meet the Prompt Security team in Padova or Milan? The spritz is on us! 🍹 Or Tsimbler | Itamar Golan | Accenture Italia | Benjamin N. Haddad

#️⃣ ANNOUNCEMENT = {   "product_launch": "enhanced_security_solution_for_GitHub_Copilot",       "core_functionality": {     "action": "redact_and_sanitize",     "target": "AI_generated_code",     "protection": ["secrets", "PII", "IP"],     "features": ["visibility", "monitoring"]   },       "Q1_release_features": [     "real_time_sanitization(latency=milliseconds)",     "vulnerability_detection_and_blocking",     "supported_platforms": [       "GitHub_Copilot_Free",       "Amazon_Q",       "Tabnine",       "Blackbox",       "GitLab_Duo",       "Supermaven",       "Sourcegraph_Cody"     ]   ],       "benefits": {     "productivity_boost": "55%",     "security_level": "enterprise_grade"   } } READ THE FULL ANNOUNCEMENT (not in Python 😅 ) >> https://lnkd.in/dNBsRg42

You've probably heard that Google has included Gemini at no additional cost in Google Workspace ✨ This marks a significant shift in enterprise GenAI accessibility and the promise of enhanced productivity through features like email summaries, automated note-taking, and integrated chatbot assistance. And yet its widespread availability brings with it new challenges for security leaders: ❗Gemini's integration with email, meetings, and documents can lead to unauthorized sharing of sensitive communications and confidential information. ❗Search capabilities and external AI system interactions pose risks to access control and potential compromise of intellectual property in training datasets. ❗Shadow AI: the free availability in Google Workspace enables widespread, uncontrolled AI usage by employees without proper oversight. 𝐏𝐫𝐨𝐦𝐩𝐭 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲'𝐬 𝐄𝐧𝐭𝐞𝐫𝐩𝐫𝐢𝐬𝐞-𝐆𝐫𝐚𝐝𝐞 𝐏𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐟𝐨𝐫 𝐆𝐞𝐦𝐢𝐧𝐢 With Gemini now free in Google Workspace, organizations need robust security. Prompt Security delivers this through: ✅ Real-time monitoring across Workspace apps for complete visibility of GenAI usage ✅ Advanced filters to prevent sensitive data leakage and unauthorized transmission ✅ Granular controls that balance security with productivity, ensuring safe GenAI adoption Learn more on our blog >> https://lnkd.in/dYbErPBz

One of the core themes I'm tracking closely (starting next month) is understanding the best solutions for preventing data exfiltration and the role that security for AI/LLMs companies will play in solving this issue for enterprises. I'm interested in seeing how the AI security category inflects this year in helping organizations prevent data leakage relative to other areas like data security (specifically data loss prevention (DLP)), which I wrote about last month. Let's explore the relationship between data security (DLP-focused) vendors relative to security for AI vendors for a moment. While there are many AI security vendors, I find it interesting to see what Prompt Security has built in and around preventing data leakage. The rise of ChatGPT and Microsoft 365 Copilot continues to transform how enterprises work—but it’s also exposing them to new data risks that legacy Data Loss Prevention (DLP) solutions weren’t built to handle. We've seen GenAI introduce dynamic risks around: - Shadow AI: Undetected tools used by employees. - Prompt Injection: Malicious manipulation of AI outputs. - Sensitive data leaks: Unintentional data exposure during AI interactions. What I'm seeing is that AI security companies like Prompt Security or others are managing this risk for organizations better in Gen-AI enterprise stack. Unlike legacy DLP / Data security vendors, they are showing better promise at: 1) Redacting sensitive data in real-time before it reaches GenAI tools. For example, we see better detection capabilities from pattern matching to contextual AI-based detection: for instance, DLPs like Zscaler can detect a social security number, but companies like Prompt can detect a corporate document with intellectual property better. 2) Better at detecting unauthorized AI tool usage (Shadow AI) across M365 AI tools, Github co-pilots and many more 3) Better at preventing AI-specific attacks like prompt injections. 4) These companies are able to surface educational popups so that employees or users are aware of when they're using an AI site or have violated the company AI policy 5) Full observability of AI usage and ensuring compliance. In general, AI security startups like prompt security (and a few others too) are showing they can dynamically adapt to the fluid, unstructured nature of data as it deals with GenAI interactions and take actions as needed with an agent or extension. In 2025, as more organizations embrace GenAI to stay competitive, data security is top of mind / foundational, so it'll be interesting to see how GenAI startups vs legacy DLP / data security vendors interact in this market. This is a trend to watch and I'll be uncovering this theme closely later next month!

Itamar Golan's unfiltered take on our competition 👀 Thank you Steffen Foley for having us on your podcast. Tune in >> https://lnkd.in/dYszrcwe or watch the full episode here >> https://lnkd.in/dWrh9-E3

What’s next for the future of Identity? These founders weigh in with their 2025 predictions.🔮 Learn how Okta Ventures is shaping the Identity landscape: https://bit.ly/3KNFHTi

🚨 FDA Warns of Cyber Risks in Guidance for AI-Enabled Devices "[...] consider a pacemaker that relies on an LLM, receiving data from both the body and the cloud. If this LLM were poisoned during training, it could behave maliciously - such as reacting badly to a cloud-delivered string with terms like 'male', 'Jewish' or 'American'. This is not theoretical but a real attack scenario." This week, the Federal Drug Administration published this week non-binding draft guidance for AI-Enabled Device Software. The document covers a wide range of considerations that apply to developers and manufacturers of medical devices with one or more AI-enabled device software functions. Cybersecurity is an important theme covered by the 67-page document. Itamar Golan contributed his thoughts to this piece at Information Security Media Group (ISMG) >> https://lnkd.in/g97wjrKT Marianne McGee | Information Security Media Group (ISMG) | St. Joseph's Healthcare Hamilton

We couldn't be more excited to share that Yoav Lasman has joined us as a VP R&D! Yoav brings with him a wealth of experience in managing and leading development teams. In his most recent role, he served as VP of Engineering at BigID and managed over 50 employees in the areas of development and product. Prior to that, he worked for over 15 years at Check Point in a variety of roles, including managing R&D teams in the areas of threat prevention and cloud services. Welcome aboard the rocketship, Yoav! 🚀 Read the full article on Calcalist כלכליסט >> https://lnkd.in/dVDf4bkt

CRN says you should be watching us this year 👀 🤩 We're so humbled to be on the list of the 10 Cybersecurity Startups To Watch in 2025. Read more >> https://lnkd.in/d6zV_ssq