New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

Using Text-to-SQL models to generate malicious code, a group of academics has developed innovative methods that might be used by adversaries to gather confidential data and launch denial-of-service attacks. According to Xutan Peng, a researcher at the University of Sheffield, “a wide range of database applications apply AI approaches that can translate human questions into SQL queries” to better connect with users.

“We discovered that crackers can trick Text-to-SQL models into creating malicious code by posing some specifically crafted questions. Since this function runs automatically on the database, the results could be disastrous.

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

09-Jan-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address