#prompt injection

9/10

A prompt injection vulnerability in YouTube's AI comment summarization tool allows attackers to leak the titles of a creator's private videos by leaving a crafted comment that injects a malicious prompt. This vulnerability compromises the privacy of YouTube creators by exposing their private video titles, and highlights the broader security risks of integrating large language models into user-facing applications without adequate safeguards against prompt injection. The attack works when a creator opens YouTube Studio's comment tab and clicks a suggested AI prompt; the injected comment then forces the model to include private video titles in its response. Community testing shows mixed results, with some users unable to reproduce the issue, indicating possible partial mitigations by YouTube.

AI Assistant Hack Challenge Fails After 6,000 Attempts

simonwillison.net · ⭐️ 8/10 · 2026-06-27

8/10

Fernando Irarrázaval's OpenClaw AI assistant challenge, where 2,000 people attempted to leak secrets via email, ended with zero successful breaches after 6,000 attempts. The underlying model, Anthropic's Opus 4.6, was protected by anti-prompt-injection rules. This experiment provides real-world evidence that frontier models are becoming significantly more robust against prompt injection attacks, a critical AI safety concern. It suggests that security improvements in large language models are translating into practical defenses, though not guaranteeing complete invulnerability. The challenge cost $500 in tokens and triggered a Google account suspension due to excessive inbound emails. Despite 6,000 attempts, no participant managed to leak the secret, but the author warns against deploying production systems where prompt injection could cause irreversible damage.