Malware, ransomware, adware, spyware, crimeware, scareware and mineware. There’s seemingly no end to the various “-wares” that bad actors employ online in an effort to steal your personal information.
Well, you can add a new one to the list: It’s called “promptware,” and it’s a little different than the other malicious software listed above. It doesn’t target you, per se—though, rest assured, getting its digital mitts on your personal data remains its ultimate aim. Promptware won’t try to trick you into buying fake antivirus software. It won’t blow up your browser with unwanted ads. And it won’t tell you, “YOU WON $1 MILLION DOLLARS! JUST CLICK HERE NOW! TIME IS RUNNING OUT!”
Again, promptware is not after you.
It’s after your AI.
Confused? Don’t worry. We’ll walk you through what promptware is, why it’s an emerging (and dangerous) threat to those who use artificial intelligence and what you can do to protect your family from a promptware attack.
What is Promptware?
Promptware—or, to be more specific, a prompt injection—is a malicious insertion in an otherwise normal communication that is designed to trick AI agents and chatbots into performing a function for the hacker’s benefit.
A group of researchers from Tel Aviv University demonstrated the ability to deliver hidden prompts through messages, which, in turn, made AI perform certain tasks. In their study, they specifically targeted Google’s AI assistant, Gemini. Concerningly, through Gemini’s connection to smart home technology, the researchers were able to trick the AI into opening smart locks, turning on a Wi-Fi enabled boiler and even providing a user’s geolocation. All through secret prompts carefully hidden in everyday messages.
Vulnerabilities
The dangers of promptware increase as a growing number of people adopt “agentic AI” to perform daily tasks. And you may already be vulnerable to one of these exploitive attacks.
For instance, if you use an AI agent to read and summarize emails—a feature already available in mainstream platforms like Gmail and Outlook—a prompt injection hidden in spam could place your AI under its thrall, allowing a hacker access to your personal information.
Even something as innocuous as a calendar invite could be weaponized with promptware. Gone are the days when hackers had to rely on tricking you into clicking a malicious link (as convincing as they might be) before they could sink their hooks into you. An added concern with promptware is that it’s oftentimes “zero click”: You may not have activated the prompt, but your AI might have.
Theoretically, anything that leverages AI to scan information could fall prey to promptware. As we know, scammers are always adapting, looking for new ways into the system. AI just provides another access point that we need to monitor. However, the good news is that tech companies are starting to acknowledge the risk of promptware and put protections in place.
Protecting Your Family from Promptware
In the meantime, what can you do to ensure your family is protected from this new digital threat? The first thing we’d suggest is to conduct an audit of any AI tools that you or your kids use.
This might be obvious—if you use Gemini for smart home functionality, for instance. But other things might not be so obvious. Just last year, Gmail defaulted to showing AI summaries, forcing users to dig into the app’s settings to disable the feature. So, even if you don’t actively seek out and use AI tools, sometimes they get added to the things you do use without a whole lot of warning.
So, if you are actively using AI tools to summarize information or help you with your schedule, don’t give them too much autonomy. Don’t allow AI to summarize anything and everything you receive—just information from senders you absolutely trust. Keep your apps updated so the most recent safety patches can be applied. On that same note, be aware of what exactly is being applied in a given update, in case extra AI features are being added.
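For readers who build or configure their own assistant, here is how the "trusted senders only" and "limited autonomy" advice could look in practice. This is an added example, not code from Google or any other AI vendor; the sender list, action names and function names are made up for illustration, and it assumes the Authentication-Results header was written by your own mail provider.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical names and constructed addresses, not any vendor's API.
TRUSTED_SENDERS = {"grandma@example.com", "office@school.example"}
# The kinds of actions the researchers triggered through Gemini.
SENSITIVE_ACTIONS = {"unlock_door", "turn_on_boiler", "share_location"}

def gate_message(raw: str) -> dict:
    """Decide whether a raw email may be handed to the AI summarizer."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    # A From line can be forged, so also require a DMARC pass. Assumption:
    # this header was written by your own mail provider, not the sender.
    auth = msg.get("Authentication-Results", "").lower()
    authenticated = "dmarc=pass" in auth
    # Calendar invites are flagged because they can be processed with no click.
    has_invite = any(p.get_content_type() == "text/calendar" for p in msg.walk())
    trusted = authenticated and addr in TRUSTED_SENDERS
    return {"sender": addr, "summarize": trusted, "has_invite": has_invite}

def authorize_action(action: str, source_trusted: bool, user_confirmed: bool) -> bool:
    """Limit autonomy: sensitive actions always need a person to say yes."""
    if action in SENSITIVE_ACTIONS:
        return user_confirmed
    return source_trusted or user_confirmed

# Constructed sample messages.
FROM_GRANDMA = (
    "From: Grandma <grandma@example.com>\n"
    "Authentication-Results: mx.mail.example; dmarc=pass\n"
    "Subject: Sunday dinner\n\nSee you at 5!\n"
)
SPOOFED = FROM_GRANDMA.replace("dmarc=pass", "dmarc=fail")
SPAM_INVITE = (
    "From: Deals <promo@unknown.example>\n"
    "Authentication-Results: mx.mail.example; dmarc=pass\n"
    "Content-Type: text/calendar\n\nBEGIN:VCALENDAR\nEND:VCALENDAR\n"
)

if __name__ == "__main__":
    for raw in (FROM_GRANDMA, SPOOFED, SPAM_INVITE):
        print(gate_message(raw))
    print(authorize_action("unlock_door", source_trusted=True, user_confirmed=False))
```

Only the first message is passed to the summarizer, and a door unlock is refused without a person's confirmation even when the request came from a trusted sender.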
Talk to your kids to get an idea of what AI tools they have and what they use them for, too. Explain the dangers of promptware and make the protection of your home (and your family’s personal data) a team effort.
The tools that hackers use to steal your data will continue to become more sophisticated, especially in the age of AI, but a collaborative and communicative family can be a strong defense against malicious digital attacks.