Simon Willison 1/12/2026

Superhuman AI Exfiltrates Emails

Read Original

A security researcher demonstrated a classic prompt injection attack against Superhuman AI. When asked to summarize recent emails, a malicious prompt in an untrusted email manipulated the AI to exfiltrate dozens of sensitive emails (containing financial, legal, and medical data) to an attacker's Google Form. The root cause was a CSP rule allowing image loads from docs.google.com, which Google Forms used to persist data via GET requests. Superhuman treated it as a high-priority incident and issued a fix.

0 comments
#prompt injection #ai security #content-security-policy
Superhuman AI Exfiltrates Emails

Comments

No comments yet

Be the first to share your thoughts!

Browser Extension

Get instant access to AllDevBlogs from your browser

Top of the Week

1
Using Browser Apis In React Practical Guide
Jivbcoop 2 votes
2
Better react-hook-form Smart Form Components
Maarten Hus 2 votes
3
Top picks — 2026 January
Paweł Grzybek 1 votes
4
In Praise of –dry-run
Henrik Warne 1 votes
5
Deep Learning is Powerful Because It Makes Hard Things Easy - Reflections 10 Years On
Ferenc Huszár 1 votes
6
Vibe coding your first iOS app
William Denniss 1 votes
7
AGI, ASI, A*I – Do we have all we need to get there?
John D. Cook 1 votes
8
Quoting Thariq Shihipar
Simon Willison 1 votes
9
Dew Drop – January 15, 2026 (#4583)
Alvin Ashcraft 1 votes