In early March 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released its final Secure Software Development Attestation Form instructions, sparking a renewed urgency around understanding and complying with 31 of the 42 tasks in NIST SP 800-218 Secure Software Development Framework (SSDF) version 1.1.

Generative AI has emerged as the next big thing that will transform the way we build software. Its impact will be as significant as open source, mobile devices, cloud computing—indeed, the internet itself. We’re seeing Generative AI’s impacts already, and according to the recent Gartner Hype Cycle for Artificial Intelligence, AI may ultimately be able to automate as much as 30% of the work done by developers.

The Synopsys Cybersecurity Research Center (CyRC) has exposed prompt injection vulnerabilities in the EmailGPT service. EmailGPT is an API service and Google Chrome extension that assists users in writing emails inside Gmail using OpenAI's GPT models. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.