Builders beware
AI instruments are all about dashing up and automating tedious and time consuming duties. Nonetheless, additionally they do the identical factor for immediate injection attackers. The exploit documented by Tracebit includes assumptions, however not unreasonable ones, that an attacker might exploit underneath real-world circumstances. In the meantime, the hunt is already underway to seek out immediate injection flaws throughout a variety of contexts and instruments.
Briefly, whereas Tracebit’s flaw is the primary found in Gemini CLI, it’s in all probability not the final. The failings, categorised by Google as a excessive severity (V1) and precedence repair (P1), have been patched in Gemini CLI v0.1.14 launched on July 25, which is why we’re listening to about it now.
Past updating to the patched model of Gemini CLI, the very best recommendation is all the time to run instruments in sandbox mode to isolate them from the host system. Google’s response to the disclosure, despatched to Tracebit, underlined the latter level:
