Comment by fwip
> What protections are there against this?
Nothing that will work. This thing relies on having access to all three parts of the "lethal trifecta" - access to your data, access to untrusted text, and the ability to communicate on the network. What's more, it's set up for unattended usage, so you don't even get a chance to review what it's doing before the damage is done.
Too much enthusiasm to convince folks not to enable the self sustaining exploit chain unfortunately (or fortunately, depending on your exfiltration target outcome).
“Exploit vulnerabilities while the sun is shining.” As long as generative AI is hot, attack surface will remain enormous and full of opportunities.