Lenovo's Lena AI chatbot could be turned into a secret hacker with just one question

Cybernews researchers discovered that Lenovo's ChatGPT-powered Lena chatbot could be manipulated to steal active session cookies from customer support agents, potentially allowing attackers to access sensitive data and infiltrate corporate networks. Using a simple 400-word prompt asking the chatbot to generate HTML, researchers tricked Lena into sending secret instructions that could enable account takeovers, malware installation, and system command execution due to improper input and output sanitization safeguards.