Meet Maurice II; if you know it, you know it
A team of researchers at Cornell Tech has created the first generative artificial intelligence worm, called Morris II, that can steal information from artificial intelligence email assistants and convince them to start sending spam. The AI worm has successfully attacked assistants powered by ChatGPT, Gemini and open source LLM and LLaVA in test environments. Thankfully, these attacks are unlikely to be successful against their current commercial products, but this may change as the applications are updated.
Attacks can exploit text-based self-replicating cues or they can create what they call adversarial self-replicating cues by embedding self-replicating cues in image files. Essentially, the prompt asks the AI assistant to contact its source, such as ChatGPT, but does so in a way that forces personal data to be included in the generated response. A better Morris II could force the AI assistant to copy input as output, thereby spreading the worm to any system it was talking to, and the AI assistant could talk to many other systems. If the prompt is included, then another computer using an artificial intelligence email assistant will join in and start leaking secrets and spreading the Morris II AI worm.
The research paper is here which will provide a more accurate description than here.