LLM
AI generated
ChatGPT: new data exfiltration attack discovered
## ZombieAgent: the evolution of ChatGPT attacks
A group of researchers at Radware has discovered a new vulnerability in ChatGPT, called ZombieAgent, which allows the exfiltration of private user data.
Because the sensitive data is taken directly from ChatGPT's servers rather than from the user's machine, the compromise is hard to detect on user devices, which are often protected inside corporate networks. In addition, the exploit writes entries into the AI assistant's long-term memory, so the attack persists.
## A vicious cycle in AI
The pattern is always the same: a vulnerability is discovered, it is exploited, a countermeasure is introduced, and then a way is found to bypass it. This is because protections are often reactive, designed to block specific attack techniques rather than addressing the underlying vulnerabilities.
This approach is like installing a new highway guardrail after a small car has crashed, without considering whether it will also stop larger vehicles. Because an AI assistant is built to carry out the requests it receives, truly effective defenses are inherently difficult to implement.
## General context
The security of large language models (LLMs) has become a top priority. Companies are investing heavily in protecting these systems from malicious attacks and ensuring the privacy of user data. However, the continuous discovery of new vulnerabilities demonstrates that the challenge is far from resolved. It is essential to adopt a proactive approach to security, anticipating potential threats and developing robust and flexible defenses.