This is being presented as an AI vulnerability, but what's happening is that untrustworthy extensions are "overriding the browser's native fetch() and XMLHttpRequest() functions in order to capture every prompt and every response." This is a much deeper issue that impacts a wide range of applications, not just AI. It bothered me enough that I looked more deeply into it. XMLHttpRequest() is deprecated and your apps shouldn't be using it. You can use metadata headers to prevent a number of scripting attacks. But the best method is probably to cache the native fetch() function (either as a variable or in a hidden iframe) before any extensions run. Of course, if you're using an application written by someone else, you can't do this; this is yet another reason people should learn to create their own applications (using AI, of course) rather than depending on what's out there.
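The "cache it as a variable" approach described above, as an added example that is not code from the original post or from the article it discusses. `createFetchGuard`, `looksNative` and `demo` are hypothetical names, and the stand-in global and the `/api/chat` URL in `demo()` are constructed so the block runs offline.

```javascript
'use strict';
// Added example: load this as the first script on the page.
// Capture toString too, so a later patch of Function.prototype.toString
// cannot change the answer given by looksNative().
const fnToString = Function.prototype.toString;

// Heuristic only: built-ins stringify as "[native code]", but a hook can
// imitate that, so treat a true result as weak evidence.
function looksNative(fn) {
  return typeof fn === 'function' &&
    /\{\s*\[native code\]\s*\}\s*$/.test(fnToString.call(fn));
}

// `scope` is the global object (window / globalThis); it is a parameter
// so the guard can be exercised against a stand-in.
function createFetchGuard(scope) {
  const original = scope.fetch;            // reference taken at load time
  const nativeAtCapture = looksNative(original);
  return Object.freeze({
    nativeAtCapture,
    // Always call through the cached reference, bound to its own global.
    fetch: (...args) => Reflect.apply(original, scope, args),
    // True when scope.fetch was swapped after the capture.
    replaced: () => scope.fetch !== original,
  });
}

// Constructed demo: a stand-in global whose fetch is wrapped after capture.
function demo() {
  const seen = [];
  const scope = { fetch: (url) => `response for ${url}` };
  const guard = createFetchGuard(scope);
  const first = scope.fetch;
  scope.fetch = (url) => { seen.push(url); return first(url); }; // later override
  const body = guard.fetch('/api/chat');
  return { body, replaced: guard.replaced(), observedByWrapper: seen.length };
}

// In a page: const guard = createFetchGuard(window);
//            guard.fetch('/api/chat', { method: 'POST', body: prompt });
```

The identity check only reports a replacement made after the capture; if `nativeAtCapture` is false in a real browser, the reference was already wrapped when this script ran and the cached copy offers no protection.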

