Concerns have been raised that YouTube Studio's AI features could potentially leak information from private videos.

Security researcher javoriuski has reported that exploiting YouTube Studio's AI feature 'Ask Studio' could potentially allow someone to send the titles of private videos and other information to an external party through instructions embedded in the comments section.
Leaking YouTube Creators Private Videos | Javox
YouTube creators typically read comments after uploading a video to gauge viewer reactions and analyze view counts to plan their next project. However, as a channel grows, it becomes increasingly difficult to review all comments and view counts. Therefore, YouTube Studio offers Ask Studio, which allows creators to rely on AI to summarize comments and suggest video ideas.

Ask Studio can provide feedback based on the creator's channel information, meaning that feedback can be obtained not only for public videos but also for draft videos, private videos, and limited-access videos. While convenient, there are some points to be aware of regarding the system that uses AI to read the text in the comment section.
According to javoriuski, if a malicious user wrote instructions for the AI in the comments section, Ask Studio would sometimes treat the comments as commands rather than mere opinions. This technique is called 'prompt injection' and is a common problem for services that use AI to read external text.
In an experiment conducted by javoriuski, an attacker embedded specific instructions in a comment, and when a creator clicked on a suggested question in Ask Studio on YouTube Studio, the AI's response displayed the message intended by the attacker. Furthermore, it was shown that by displaying a link to the attacker's website within the AI's response and including the title of a video from the channel in the destination URL, it might be possible to send the titles of private videos to an external server.

The titles of private videos may include unannounced project names, pre-release product reviews, and personal records. Even if the video itself is private, if Ask Studio reads the video titles within the channel and embeds them in an external link based on instructions via the comments section, there is a possibility that information could be leaked in a way that the creator did not intend.
Javoriuski points out that when using AI to read user-submitted content such as comments, it is necessary to clearly distinguish between the text that the AI processes and the instructions that the AI should follow.
Although javoriuski reported the issue to Google, Google treated it as a problem requiring social engineering and did not classify it as a tracked security bug.
Related Posts:
in AI, Web Service, Security, Posted by log1d_ts







