So, I’m currently developing a chatbot for my company. If an LLM needs to do something, a developer must build a tool. It just so happens that this tool that was built did not take traditional security into account. Really it should only be using the tools already built for users, but it seems the Jr. Devs that have been replacing seniors do not have the sensibilities yet.
The entity being manipulated is not human so I would not classify it as social engineering, even if similar techniques are used (help me my grandmother needs info).
It’s not phreaking. Social engineering.
So, I’m currently developing a chatbot for my company. If an LLM needs to do something, a developer must build a tool. It just so happens that this tool that was built did not take traditional security into account. Really it should only be using the tools already built for users, but it seems the Jr. Devs that have been replacing seniors do not have the sensibilities yet.
The entity being manipulated is not human so I would not classify it as social engineering, even if similar techniques are used (help me my grandmother needs info).