A significant vulnerability in Slack's AI has been identified, allowing attackers to potentially steal sensitive information from private channels by manipulating the AI's language model.

This manipulation can occur through a technique known as 'prompt injection,' which can be used to create phishing links targeting users.

The implications of this vulnerability are serious, as sensitive data is often shared on Slack, necessitating user awareness and potential adjustments to privacy settings.

Slack's response to the issue suggests a lack of understanding regarding the nature and severity of the vulnerability.

A spokesperson from Salesforce, Slack's parent company, stated that they have addressed the issue but did not provide specific details about the measures taken.

The exploit significantly increases the attack surface, as attackers do not need to be present in Slack to initiate the attack.

Malicious instructions hidden in uploaded files, such as PDFs, can lead to similar attacks, allowing for data theft without direct user participation.

Users are advised to review the AI policies of applications they frequently use to ensure their security and mitigate potential risks.

PromptArmor has emphasized that this example illustrates a broader risk involving multiple opportunities for attackers to exploit prompt injection vulnerabilities.

PromptArmor, the security firm that disclosed the vulnerability, highlighted the potential for unauthorized data access in private channels where the attacker is not a member.

The AI system has been found to intentionally access private direct messages and file uploads, raising further security concerns.

Despite the serious nature of these findings, Slack has not publicly commented on the vulnerabilities reported by PromptArmor.