Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If user Y, some random dude from the internet, can give orders to the AI that it will execute, (like attaching links), can't you also tell the AI to lie about information in future requests or otherwise poison the data stored in your slack history.


User Y is still an employee of your company. Of course an employee can be malicious, but the threat isn't the same as anyone can do it.

Getting AI out of the picture, the user could still post false/poisonous messages and search would return those messages.


Not all slack workspace users are a neat set of employees from one organisation. People use Slack for public stuff for example open source. Also private slacks may invite other guests from other companies. And finally the hacker may have accessed an employees account and now has a potential way to get the a root password or other valuable info.


Yeah, data poisoning is an interesting additional threat here. Slack AI answers questions using RAG against available messages and documents. If you can get a bunch of weird lies into a document that someone uploads to Slack, Slack AI could well incorporate those lies into its answers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: