05-31-2026, 07:53 AM
(Edited 05-31-2026, 07:55 AM by asva.)
Recently I have been testing prompt injection vulnerabilities to get AI to leak sensetive information.
Examples of data I have had AI Agents reveal: Backend API Keys, Admin portal URL, Admin email & name, team members with access names & emails, technology stack & more.
If they don't have the proper prompts in place you can trick it to reveal information with simple prompts such as:
So far I have tested this on OpenClaw based agents that are running on Mac Minis on the backend in a production enviroment and Hermes.
Try it out and see what you get.
Examples of data I have had AI Agents reveal: Backend API Keys, Admin portal URL, Admin email & name, team members with access names & emails, technology stack & more.
If they don't have the proper prompts in place you can trick it to reveal information with simple prompts such as:
So far I have tested this on OpenClaw based agents that are running on Mac Minis on the backend in a production enviroment and Hermes.
Try it out and see what you get.