Top stories
YouTube Studio "Ask Studio" prompt injection leaks private video data
- Category: Security
- Status: confirmed
- Sources: researcher writeup, HN discussion
- Summary: A researcher reported that YouTube Studio's "Ask Studio" AI assistant treats video comment text as trusted input. An attacker posts a benign comment and later edits it to contain instructions, and when the creator uses a suggested Studio prompt the assistant follows those instructions. A demonstrated payload extracts private video titles from the creator's channel through a crafted link. Google declined to classify the finding as a security bug, saying it required social engineering, and held that position after a proof of concept.
- Comments: HN commenters focus on Google shipping an LLM feature with no role separation between untrusted comment text and system instructions, and debate whether exploiting it counts as abuse under Google's own terms.
- Why it matters: It is a live prompt injection data exposure path in a widely used creator tool, and the vendor has declined to fix it.
- Follow-up: Watch for a Google reversal, a tracking identifier, or independent reproduction.