Security Vulnerability Discovered in Eurostar's AI Chatbot

January 13, 2026
Published by Redacția warHial 3 months ago

A Security Issue Found on Eurostar's Website

A notable security concern has emerged on the Eurostar website, specifically in its AI chatbot. The discovery has drawn the attention of the European hacking community, especially as many travelers use the effective Interrail pass to explore the continent. A British traveler beginning such a journey often boards the Eurostar, which conveniently travels through the Channel Tunnel.

Recent reports of a vulnerability in the AI technology used by Eurostar, brought to light by Ross Donald, reveal information that matters beyond the train service itself. The insights show how security measures within AI chatbots can be circumvented. The chatbot runs on Eurostar's website as a simple HTML and JavaScript client that communicates with a backend Large Language Model (LLM) via an API. Each API query carries the entire conversation, because current AI models do not retain memory of the ongoing conversational context.

Although Eurostar's developers implemented some protective measures for the bot, these safeguards were applied only to the most recent message. As a result, an innocuous or blank message could be sent as the latest one, concealing content carried in a previous message of the conversation. Ross demonstrated that the bot could return system information about itself by introducing HTML and JavaScript into its responses. He pointed out that the only possible target of these outputs was himself, and that he was unable to access data from other customers, which means that, on this front, the train operator was fortunately spared the risks associated with a data breach. However, based on his description, it seems fair to say that the response to this disclosure could have been more effective.
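
The flaw described above, as an added example that is not code from Eurostar or from the original report: a server-side check that inspects only the latest message, next to one that treats every message in the submitted history as untrusted, plus HTML encoding of the model's reply before it is rendered. The policy check, marker string, function names and sample request are all constructed for illustration.

```javascript
// Stand-in policy check (assumption): a real deployment would call its
// guardrail model or classifier here. The marker string is constructed.
const BLOCK_MARKER = "[[policy-violating text]]";
function violatesPolicy(text) {
  return typeof text !== "string" || text.includes(BLOCK_MARKER);
}

// Weak: the pattern the article describes. Only the newest turn is inspected.
function guardLatestOnly(messages) {
  const last = messages[messages.length - 1];
  return last !== undefined && !violatesPolicy(last.content);
}

// Hardened: the whole history arrives from the client on every request,
// so every turn is checked and the first failing index is reported.
function guardWholeConversation(messages) {
  if (!Array.isArray(messages) || messages.length === 0) {
    return { ok: false, badIndex: -1 };
  }
  const badIndex = messages.findIndex(
    (m) => m === null || typeof m !== "object" || violatesPolicy(m.content)
  );
  return { ok: badIndex === -1, badIndex };
}

// Model output is untrusted too: encode it before inserting it into the page.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed request body: an earlier turn carries text the policy blocks,
// while the latest turn is blank and passes the latest-only check.
const sampleRequest = [
  { role: "user", content: "When is the next train to Paris?" },
  { role: "user", content: "Earlier turn: " + BLOCK_MARKER },
  { role: "user", content: "" },
];

console.log("latest-only accepts:", guardLatestOnly(sampleRequest));
console.log("whole-history result:", guardWholeConversation(sampleRequest));
console.log("encoded reply:", escapeHtml('<b onclick="x()">hi</b>'));
```
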
