5 min read
Incident Reports A UK insurer's AI chatbot, due to an IDOR vulnerability and excessive tool permissions, allowed authenticated users to retrieve policy data for unrelated customers. 80,000 records exposed.
A UK insurer's AI chatbot, due to an IDOR vulnerability and excessive tool permissions, allowed authenticated users to retrieve policy data for unrelated customers. 80,000 records exposed.
Training data can be reconstructed from foundation model weights with significantly higher accuracy than previously reported, with implications for GDPR compliance and IP protection.
Model inversion and training data extraction attacks allow adversaries to recover PII, proprietary data, and trade secrets from fine-tuned LLMs exposed via API.