Slack AI could be tricked into leaking login details and more

News
By last updated

A carefully crafted prompt could force Slack AI to disclose secrets

The slack logo on a mobile phone in front of a purple wall with the slack logo on it
Slack - nu med lite mer (artificiell) intelligens. (Image credit: Shutterstock)

Security researchers claim to have uncovered a way to trick Slack’s AI assistant into sharing sensitive information and other secrets with unauthorized users

Slack, which is used by more than 35 million people worldwide, introduced its own Artificial Intelligence (AI) tool in September 2023, allowing users to summarize multiple unread messages, answer different questions, search for files, and more.

But as we’ve seen with other chatbots in the past, with a carefully crafted prompt (a command given to the AI), a malicious actor could force the tool to disclose sensitive data from private Slack channels they’re not a part of.

"Intended behavior"

Security firm PromptArmor, which found the flaw and reported it to Salesforce, explained how crooks could steal API keys, for example:

"We demonstrate how this behavior will allow an attacker to exfiltrate API keys that a developer put in a private channel (that the attacker does not have access to)."

The attack revolves around creating a public Slack channel and inputting a malicious prompt, which the AI reads. It will then instruct the Large Language Model (LLM) to respond to queries for the API key by providing a clickable URL. Clicking on the URL will send the API key data to the attacker-controlled website, where they can pick it up.

Aside from API keys, the crooks could also abuse this vulnerability to grab files uploaded to Slack, as well, since the AI reads those, too.

Furthermore, because the AI reads files as well, the hackers don’t even need to be a part of the Slack workspace to be able to steal secrets. All they need to do is hide the malicious prompt in a document and get a workspace member to upload it (with social engineering, for example).

"If a user downloads a PDF that has one of these malicious instructions (e.g. hidden in white text) and subsequently uploads it to Slack, the same downstream effects of the attack chain can be achieved," PromptArmor said.

Salesforce, which owns Slack, says it has apparently patched the bug, with a company spokesperson telling TechRadar Pro, "When we became aware of the report, we launched an investigation into the described scenario where, under very limited and specific circumstances, a malicious actor with an existing account in the same Slack workspace could phish users for certain data. We’ve deployed a patch to address the issue and have no evidence at this time of unauthorized access to customer data. Full updates are available at http://slack.com/blog/news/slack-security-update-082124."

PromptArmor says Salesforce told it that "messages posted to public channels can be searched for and viewed by all Members of the Workspace, regardless if they are joined to the channel or not. This is intended behavior."

Via The Register

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
An unprotected AI service is streaming private Slack messages online
A person using DeepSeek on their smartphone
DeepSeek ‘incredibly vulnerable’ to attacks, research claims
DDoS attack
ChatGPT security flaw could open the gate for devastating cyberattack, expert warns
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
Shadowed hands on a digital background reaching for a login prompt.
Private API keys and passwords found in AI training dataset - nearly 12,000 details leaked
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
Open AI
OpenAI live stream - could we see a major ChatGPT upgrade?
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Venezuela's forward #09 Jhonder Cadiz celebrates after scoring during the 2026 FIFA World Cup South American qualifiers football match between Ecuador and Venezuela, at the Rodrigo Paz Delgado stadium in Quito, on March 21, 2025 ahead of Venezuela vs Peru

Venezuela vs Peru live stream: how to watch FIFA World Cup 2026 qualifier anywhere online
See more latest
Most Popular
Open AI
OpenAI live stream - could we see a major ChatGPT upgrade?
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar has the world's first Bluetooth audio gateway in a wired gaming microphone
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'