TZUTC: -0500
MSGID: 1943.consprcy@1:2320/105 2dc7a13c
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
IBM's AI 'Bob' could be manipulated to download and execute malware

Date:
Fri, 09 Jan 2026 16:50:00 +0000

Description:
Bob is also susceptible to indirect prompt injection, but only under specific
conditions.

FULL STORY

IBMs Generative Artificial Intelligence ( GenAI ) tool, Bob, is susceptible 
to the same dangerous attack vector as most other similar tools - indirect
prompt injection. 

Indirect prompt injection is when the AI tool is allowed to read the contents
found in other apps, such as email, or calendar. 

A malicious actor can then send a seemingly benign email, or calendar entry,
which has a hidden prompt that instructs the tool to do nefarious things, 
such as exfiltrate data, download and run malware , or establish persistence.

Risky permissions 

Recently, security researchers Prompt Armor published a new report, stating
that IBMs coding agent, which is currently in beta, can be accessed either
through CLI (a terminal-based coding agent), or IDE (an AI-powered editor).
CLI is vulnerable to prompt injection, while IDE is vulnerable to known
AI-specific data exfiltration vectors. 

We have opted to disclose this work publicly to ensure users are informed of
the acute risks of using the system prior to its full release, they said. We
hope that further protections will be in place to remediate these risks for
IBM Bob's General Access release. 

There is a major caveat here, though. For the attackers to leverage this
attack vector, users must first configure Bob to grant it broad permissions.
Namely, the always allow permission needs to be enabled - for any command. 

Thats quite the stretch, even for the least security-conscious users out
there. Since the tool is still in beta, we dont know if that permission is
enabled by default, but we doubt it will be. 

In any case, Prompt Armor says the vulnerability allows threat actors to
deliver an arbitrary shell script payload to the victim, leveraging known and
custom malware variants to conduct different cyberattacks, such as 
ransomware, credential theft, spyware, device takeover, botnet assimilation,
and more. 

 Via; PromptArmor 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/ibms-ai-bob-could-be-manipulated-to-dow
nload-and-execute-malware

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 275 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 633/280 712/848 902/26 2320/0 105 107 304 3634/12
SEEN-BY: 5075/35
PATH: 2320/105 229/426