Last week I saw this paper from OpenAI called “Preventing URL-Based Data Exfiltration in Language-Model Agents”, which goes into detail on new …

Embrace the Red's resource offers insights, tutorials, and resources for developers and enthusiasts interested in game development and game design. Readers can learn about game design principles, storytelling techniques, and game development tools. With articles, tutorials, and game reviews, Embrace the Red provides  guidance and expertise for creating immersive and engaging gaming experiences.

Embrace The Red

OpenAI published a paper detailing URL-based data exfiltration mitigations in language model agents. The mitigations use a web crawler to create an allow-list of safe URLs, blocking dynamically created ones. While this increases attack complexity, bypasses remain possible through techniques like mapping individual letters to indexed URLs. The author, who originally disclosed this vulnerability in 2023, suggests additional mitigations like URL caching and preventing repeated visits to the same URL within a session.

OpenAI Explains URL-Based Data Exfiltration Mitigations in New Paper · Embrace The Red

Final Risk - Thorough Adoption of the Mitigation