yeah, sounds like a "weird" vulnerability assuming it comes from a malicious text payload someone must deliberately insert into the own chat.
Hard to fathom $20k prize for that, to us old-schoolers, used to at least expect exploit delivery from an innocently-looking link.
With all the hype around AI I'm sure people are trying out all sorts of products that could have vulnerabilities like this. For example, imagine a recruiter hooks up an AI product to auto-read their LinkedIn messages and evaluate candidates. An attacker would just have to contact them, get the AI to read something of theirs, and this prompt attack could expose private information about the recruiter and/or company. The attacker would just need the recruiter to view the image (or better yet, have the service prefetch the image) to expose the data.
Remote: Remote/Hybrid/Office
Willing to relocate: No
Technologies: Typescript, Javascript, React, Node.js, Next.js, C#, Python, Django, Java, PostgresSQL, AWS, CSS, Tailwind
Résumé/CV: https://scottgibbs.me/resume
Email: Please see resume
Hey I'm Scotty - a full stack Software Engineer looking to work on exciting, challenging, and impactful products based in Europe. For the past few years I've been remote contracting for various US startups and have worked on products with millions of users. I like to work on all parts of the stack from creating rich interactive frontends, to wiring up an API layer, to working on data heavy backend processes. Check out my website to see examples of projects I've worked on. I'm an English native speaker who's recently moved to Europe and I’m looking to work with a larger team and on a more established product. If that sounds like you then please get in touch!