Well, this happened at Google recently:

Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions.

And Google’s response to this new AI-hacking threat vector – other than (responsibly) alerting its users – was to take a “layered” approach, scanning for likely prompt injections (that sounds familiar) and “hardening” its AI in a few ways.

The idea of not automatically running every email, document, and calendar invite through an AI doesn’t seem to have occurred to anyone at Google, though. I’m not surprised; Google’s execs still seem to think that going all in on AI is how they’ll stay on top…

“It is difficult to get a man to understand something, when his salary depends on his not understanding it.”

– Upton Sinclair