Man-in-the-Prompt: The Invisible Attack Threatening ChatGPT and Other AI Systems
A new type of threat is alarming the world of cyber security, targeting leading generative artificial intelligence tools such as ChatGPT, Gemini, Copilot, and Claude. The problem? It does not even require a sophisticated attack: all it takes is a browser extension.
The term "Man-in-the-Prompt" refers to a new attack vector that exploits an underestimated weakness in the input window of AI chatbots. When we use tools such as ChatGPT from a browser, our messages are written in a simple HTML field, accessible from the page's DOM (Document Object Model). This means that any browser extension with access to the DOM can read, modify, or rewrite our requests to the AI, and do so without us noticing.
The Man-in-the-Prompt attack doesn't even need special permissions to work. According to researcher Aviad Gispan of LayerX Security, "any browser extension, even without any special permissions, can access the prompts of both commercial and internal LLMs and inject them with prompts to steal data, exfiltrate it, and cover their tracks."
The exploit has been tested on all top commercial LLMs, with proof-of-concept demos provided for ChatGPT and Google Gemini. Even seemingly harmless external content, such as emails, links, or documents, can also contain hidden instructions directed at the AI.
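Because the attack depends on an extension reaching the DOM of the chatbot page, a defender can start by checking which installed extensions declare that reach in their manifest.json. The following is an added example, not code from LayerX or from the original article; the host watch list and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: audit extension manifests for DOM reach into AI-chat pages.
// AI_HOSTS is an assumed watch list; the manifests below are constructed samples.
const AI_HOSTS = ["chatgpt.com", "gemini.google.com", "copilot.microsoft.com", "claude.ai"];

// True if a Chrome match pattern (scheme://host/path) covers https://<host>/.
// The path part is ignored on purpose: any path on an AI host counts as reach.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)\/.*$/.exec(pattern);
  if (!m) return false; // not a match pattern (e.g. "storage")
  const [, scheme, patHost] = m;
  if (scheme !== "*" && scheme !== "https") return false;
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2); // "*.a.com" also matches "a.com" itself
    return host === base || host.endsWith("." + base);
  }
  return patHost === host;
}

// Collect every pattern that grants page access, then test it against AI_HOSTS.
function auditManifest(manifest) {
  const patterns = [];
  for (const cs of manifest.content_scripts || [])
    for (const p of cs.matches || []) patterns.push(["content_scripts", p]);
  for (const p of manifest.host_permissions || []) patterns.push(["host_permissions", p]);
  for (const p of manifest.permissions || []) patterns.push(["permissions", p]); // MV2 host patterns
  const findings = [];
  for (const [field, pattern] of patterns) {
    const hosts = AI_HOSTS.filter((h) => patternCoversHost(pattern, h));
    if (hosts.length > 0) findings.push({ field, pattern, hosts });
  }
  return { name: manifest.name, findings };
}

function auditAll(manifests) {
  return manifests.map(auditManifest).filter((r) => r.findings.length > 0);
}

const SAMPLE_MANIFESTS = [ // constructed, not real extensions
  { name: "page-themer", manifest_version: 3,
    content_scripts: [{ matches: ["<all_urls>"], js: ["theme.js"] }] },
  { name: "mail-helper", manifest_version: 3,
    content_scripts: [{ matches: ["https://mail.example.com/*"], js: ["m.js"] }] },
  { name: "search-tool", manifest_version: 3, permissions: ["storage"],
    host_permissions: ["*://*.google.com/*"] },
];

console.log(JSON.stringify(auditAll(SAMPLE_MANIFESTS), null, 2));
```

A flagged extension is not necessarily malicious; the result is an inventory of which extensions could read or rewrite a prompt field, to be weighed against whether each one needs that access.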
A Serious Threat to Business and Personal Use
The potential consequences of this attack are serious, especially in the business world. According to LayerX, 99% of business users have at least one extension installed in their browser. In this scenario, the risk exposure is very high. The Man-in-the-Prompt attack falls under the broader category of prompt injection, one of the most serious threats to AI systems according to the OWASP Top 10 for LLM Applications 2025.
A Call for Improved AI Security
The LayerX report raises a crucial point: AI security cannot be limited to the model or server, but must also include the user interface and browser environment. In an era where AI is increasingly integrated into personal and business workflows, a simple HTML text field can become the Achilles heel of the entire system.
A New Era in Cyber Security Awareness
As electronics engineer and Clusit member Salvatore Lombardo notes, "Education improves awareness." The slogan reflects the importance he places on conscious education in cybersecurity.
Conclusion
The Man-in-the-Prompt attack highlights the need for improved AI security measures beyond just model or server protection. By raising awareness of this new threat, we can work together to prevent similar attacks in the future and ensure a safer online experience for everyone.