
Recent findings by security researchers, including HiddenLayer (@hiddenlayersec) and Salt Security, have exposed significant vulnerabilities in large language models (LLMs) and their plugin ecosystems, particularly those of Google and OpenAI. The Gemini Advanced Google Workspace plugin, built on Google's Gemini LLM, was found to leak its system instructions and to be susceptible to indirect prompt injection, in which instructions hidden in content the model is asked to process (a document or an email, for example) are followed as though the user had issued them. Critical flaws in ChatGPT plugins were also identified that put users at risk of data breaches, including theft of login credentials and access to sensitive data held on third-party websites. Further research into the plugin framework showed that an attacker could install a malicious plugin without the user's consent and hijack the user's accounts on third-party platforms such as GitHub. Separately, researchers described a side channel that lets an eavesdropper read encrypted responses from AI assistants: with the exception of Google Gemini, all widely used chat-based LLMs transmit each token as soon as it is generated, so every token travels in its own encrypted packet, and a passive observer who cannot decrypt anything still learns the length of every token from the size of each packet and can infer the content of the response from that sequence of lengths. OpenAI and Cloudflare have implemented fixes for this issue.
Researchers have uncovered a new threat in third-party plugins for OpenAI's #ChatGPT that could allow attackers to install malicious plugins without users' consent and hijack accounts on third-party websites such as GitHub. Read: https://t.co/hNSaX2cndY #cybersecurity #technews
Researchers detail a side channel that can be used to read encrypted responses from AI assistants, except Google Gemini; OpenAI and Cloudflare implemented fixes (@dangoodin001 / Ars Technica) https://t.co/kT0wW47fHj 📫 Subscribe: https://t.co/OyWeKSRpIM https://t.co/ificKyWfSs
"With the exception of Google Gemini, all widely available chat-based #LLMs transmit tokens immediately after generating them... This real-time design plays a key role in creating the side channel": https://t.co/JJ1C4nBcfD #ethics #AI #privacy #cybersec #tech #research #business
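The token-streaming side channel summarised above can be reproduced in miniature. The following is an added example written for this page, not code from the researchers, Ars Technica, OpenAI or Cloudflare: it models a TLS-like record layer with a toy length-preserving cipher (keystream XOR plus an HMAC tag, safe for illustration only), streams a constructed sample reply one token per record the way the real-time design does, and shows that an observer who sees only record sizes recovers the exact byte length of every token. The same code then applies the two generic countermeasures, padding each payload to a fixed multiple and batching several tokens per record, and shows the observer is left with a flat sequence of equal sizes. The record layout, padding scheme and tokenizer are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import re

# Model of a TLS-like record: 5-byte header + ciphertext + 16-byte authentication tag,
# with a 2-byte length prefix framed inside the encrypted body. This layout and the
# cipher below are a toy model written for this example, not TLS and not for real use.
HEADER_LEN = 5
TAG_LEN = 16
FRAME_LEN = 2
OVERHEAD = HEADER_LEN + TAG_LEN + FRAME_LEN


def tokenize(text):
    """Crude stand-in for an LLM tokenizer: each word keeps its trailing whitespace."""
    return re.findall(r"\S+\s*", text)


def _keystream(key, seq, length):
    """Derive a per-record keystream from the key and the record sequence number."""
    out = b""
    counter = 0
    while len(out) < length:
        block = key + seq.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def encrypt_record(key, seq, body):
    """Length-preserving encryption (keystream XOR) plus a truncated HMAC tag.
    Like a real stream or AEAD cipher it hides the bytes, not how many there are."""
    ks = _keystream(key, seq, len(body))
    ct = bytes(a ^ b for a, b in zip(body, ks))
    tag = hmac.new(key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()[:TAG_LEN]
    header = b"\x17\x03\x03" + len(ct + tag).to_bytes(2, "big")
    return header + ct + tag


def decrypt_record(key, seq, record):
    """Verify the tag, then strip the keystream."""
    body = record[HEADER_LEN:]
    ct, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record authentication failed")
    ks = _keystream(key, seq, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def stream_tokens(key, tokens, pad_multiple=1, batch=1):
    """Server side. The defaults (no padding, one token per record) model the real-time
    design described in the research. pad_multiple > 1 pads each record's payload to a
    multiple of that size; batch > 1 sends several tokens in one record."""
    records = []
    for seq, i in enumerate(range(0, len(tokens), batch)):
        data = "".join(tokens[i:i + batch]).encode()
        padded = data + b"\x00" * ((-len(data)) % pad_multiple)
        body = len(data).to_bytes(FRAME_LEN, "big") + padded
        records.append(encrypt_record(key, seq, body))
    return records


def receive(key, records):
    """Client side: decrypt each record, drop the padding, reassemble the reply."""
    out = b""
    for seq, record in enumerate(records):
        body = decrypt_record(key, seq, record)
        n = int.from_bytes(body[:FRAME_LEN], "big")
        out += body[FRAME_LEN:FRAME_LEN + n]
    return out.decode()


def observe_payload_lengths(records):
    """Passive observer on the wire: has no key and sees only record sizes. Subtracting
    the fixed protocol overhead yields each record's payload size, which with one
    unpadded token per record is exactly that token's length in bytes."""
    return [len(r) - OVERHEAD for r in records]


if __name__ == "__main__":
    key = os.urandom(32)
    reply = "Your account password has been reset to hunter2 as requested"  # constructed sample
    tokens = tokenize(reply)

    leaky = stream_tokens(key, tokens)
    print("true token lengths:    ", [len(t.encode()) for t in tokens])
    print("observed, real-time:   ", observe_payload_lengths(leaky))

    fixed = stream_tokens(key, tokens, pad_multiple=32, batch=4)
    print("observed, padded+batch:", observe_payload_lengths(fixed))
    assert receive(key, leaky) == receive(key, fixed) == reply
```

The observer function never touches a key: the leak is purely in the sizes, which is why a stronger cipher would not help and why the fixes have to change what is sent, by padding payloads to a fixed bucket, grouping tokens so individual boundaries are not visible on the wire, or both. Padding and batching trade a little bandwidth and latency for removing the per-token length signal; in the padded run above every record carries the same observable size regardless of the words inside it.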
