Security researchers expose AI agent manipulation through staged conversations.

AI security platform SPLX demonstrated that ChatGPT agents can be tricked into solving CAPTCHAs through a two-step prompt injection attack. Researchers first primed ChatGPT-4o by claiming they wanted to solve “fake” CAPTCHAs and getting the AI to agree that this was acceptable. They then opened a ChatGPT agent, pasted the previous conversation as context, and asked the agent to continue the discussion. The agent successfully solved multiple CAPTCHA types including reCAPTCHA V2 Enterprise and Click CAPTCHAs and attempted to mimic human cursor movements without being instructed to do so.

Read more:

https://www.securityweek.com/chatgpt-tricked-into-solving-captchas/