A dangerous vulnerability in ServiceNow’s Now Assist AI platform allows attackers to execute second-order prompt injection attacks via default agent configuration settings. The flaw enables unauthorized actions, including data theft, privilege escalation, and exfiltration of external email, even with ServiceNow’s built-in prompt injection protection enabled. The vulnerability stems from three default configurations that, when combined, […]
The post Hackers Can Exploit Default ServiceNow AI Assistants Configurations to Launch Prompt Injection Attacks appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: