Block's CISO describes how the company red-teamed its internal AI agent Goose, successfully executing a prompt injection attack that installed infostealer malware on an employee laptop. The attack exploited poisoned recipes (reusable workflows) with malicious instructions hidden in invisible Unicode characters. Block has since

6m read time. From go.theregister.com
Table of contents: Least-privilege access; Poisoning a goose recipe; Adversarial AI
