Lenovo's Lena AI chatbot had weakness that let attackers hijack sessions

Lenovo’s customer service AI chatbot Lena was recently found to contain a critical vulnerability that could allow attackers to steal session cookies and run malicious code. Cybernews researchers discovered that with just one maliciously crafted prompt, the AI could be manipulated into exposing sensitive data. Lenovo has since fixed the issue, but the case shows how chatbots can create fresh risks when not properly secured. SEE ALSO: New AI-powered Operator X streamlines offline defensive cyber missions The flaw involved cross-site scripting, an attack method that has existed for decades. Researchers showed that Lena could be tricked into producing output containing… [Continue Reading]