New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks


A group of academics has demonstrated new attacks that use Text-to-SQL models to generate malicious code, methods that adversaries might use to gather confidential data and launch denial-of-service attacks. To better connect with users, “a wide range of database applications apply AI approaches that can translate human questions into SQL queries,” according to Xutan Peng, a researcher at the University of Sheffield.

“We discovered that crackers can trick Text-to-SQL models into creating malicious code by posing some specifically crafted questions. Since this function runs automatically on the database, the results could be disastrous.”
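Because the generated SQL runs automatically, the database layer has to treat model output as untrusted input. The following is an added example, not code from the study or from any product it tested: a deny-by-default guard for model-generated SQL, assuming a SQLite backend. The table names, the column allowlist and the instruction budget are hypothetical.

```python
import sqlite3

# Assumed policy for this sketch: the model may read only these columns.
ALLOWED = {"orders": {"id", "customer", "total"}}
ALLOWED_FUNCS = {"count", "sum", "min", "max", "avg"}
TICK, MAX_TICKS = 1000, 100   # abort after roughly 100k SQLite VM instructions

def authorizer(action, arg1, arg2, dbname, source):
    """Called by SQLite while it compiles a statement; deny by default."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:          # arg1 = table, arg2 = column
        if arg1 in ALLOWED and (not arg2 or arg2 in ALLOWED[arg1]):
            return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() in ALLOWED_FUNCS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY                 # writes, DDL, PRAGMA, ATTACH, ...

def make_demo_db():
    """Constructed sample data: one table the app exposes, one it must not."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total REAL)")
    conn.execute("CREATE TABLE users (email TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(i, "alice" if i % 2 else "bob", i * 1.5) for i in range(40)])
    conn.execute("INSERT INTO users VALUES ('alice@example.test', 'x')")
    conn.commit()
    return conn

def run_generated_sql(conn, sql):
    """Execute model output under the policy; return (ok, rows or reason)."""
    ticks = 0
    def on_progress():
        nonlocal ticks
        ticks += 1
        return 1 if ticks > MAX_TICKS else 0   # non-zero aborts the query
    conn.set_authorizer(authorizer)
    conn.set_progress_handler(on_progress, TICK)
    try:
        # execute() accepts exactly one statement, so stacked statements fail.
        return True, conn.execute(sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        reason = "instruction budget exceeded" if ticks > MAX_TICKS else str(exc)
        return False, reason
```

The authorizer covers the data-theft and destructive cases at compile time, while the progress handler bounds the work a single allowed query can consume.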

