Malicious actors are finding ways to exploit the default configurations of ServiceNow’s Now Assist generative AI platform. According to AppOmni, these exploits involve a type of second-order prompt injection that takes advantage of Now Assist’s agent-to-agent discovery capabilities. By leveraging these vulnerabilities, attackers can execute unauthorized actions, such as copying and exfiltrating sensitive information from the platform.
The implications of such security gaps are significant, as they expose organizations to substantial risks. The ability for AI agents to carry out actions without proper oversight means that sensitive data could be mismanaged or leaked. Companies relying on ServiceNow must be vigilant and review their configurations to mitigate these vulnerabilities. A proactive approach to security will help organizations safeguard their data from potential exploitation.
👉 Pročitaj original: The Hacker News
