Leaking YouTube creators' private videos(javoriuski.com)
625 points by javxfps 18 hours ago | 346 comments
tl;dr: Summary not available
HN Discussion:
  • Insider explanation of why YouTube dismisses the bug due to internal incentive structures
  • Prompt injection via YouTube's AI features is a clear and serious bug
  • Impact is limited because it requires user interaction similar to phishing, weakening bounty case
  • ~The vulnerability is really social engineering since the human interprets LLM output as authoritative
  • Fixing this requires retraining Gemini, so it's a systemic issue Google won't address until forced