What happened after 2,000 people tried to hack my AI assistant
A public AI security challenge saw 2,000 people attempt to leak secrets via prompt injection, with all 6,000 attempts failing, reflecting progress in frontier model defenses but also revealing lingering risks.
Simon Willison · Jun 27, 2026
OpenAI Help: Lockdown Mode
Lockdown Mode uses deterministic rules to block outbound requests, cutting off the data exfiltration vector in prompt injection attacks and implicitly revealing the weakness of default ChatGPT security.
Simon Willison · Jun 6, 2026
Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked
A real-world attack where hackers bypassed Instagram's account recovery by simply asking Meta's AI chatbot to link a new email, revealing the severe risks of wiring AI directly into critical systems without proper authorization boundaries.
Simon Willison ·
Microsoft Copilot Cowork Exfiltrates Files
A critical security flaw in Microsoft Copilot Cowork allowed attackers to exfiltrate user files via prompt injection by exploiting auto-sent emails and pre-authenticated download links.
Simon Willison ·