Critical vulnerabilities were discovered in Lenovo’s AI-powered customer support chatbot, **Lena**, which leverages OpenAI’s GPT-4. The flaw stemmed from improper input and output sanitization, exposing the system to **cross-site scripting (XSS) attacks**. Security researchers at **Cybernews** demonstrated that attackers could exploit this by injecting malicious code via a **400-character prompt**, tricking the AI into generating harmful HTML content. This enabled threat actors to **steal session cookies**, potentially granting unauthorized access to Lenovo’s **customer support systems**.The vulnerability highlighted significant risks in poorly secured AI implementations, particularly as enterprises accelerate AI adoption. While no evidence of active exploitation was reported, the flaw posed a serious threat to **customer data integrity** and **system security**. Had attackers successfully leveraged this, they could have compromised **user sessions**, accessed sensitive support-related information, or escalated privileges within Lenovo’s infrastructure. The incident underscores the urgency for robust **AI security frameworks** to prevent such exposures in high-stakes enterprise environments.
TPRM report: https://www.rankiteo.com/company/lenovo
"id": "len532082025",
"linkid": "lenovo",
"type": "Vulnerability",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Technology (Hardware/Software)',
'location': 'Global (HQ: Hong Kong/China, Operations: '
'Worldwide)',
'name': 'Lenovo',
'size': 'Large (Multinational)',
'type': 'Corporation'}],
'attack_vector': 'Malicious Prompt Injection (400-character payload)',
'data_breach': {'data_exfiltration': 'Potential (via XSS)',
'personally_identifiable_information': 'Potential (via '
'Session Cookies)',
'sensitivity_of_data': 'High (Session Hijacking Risk)',
'type_of_data_compromised': ['Session Cookies']},
'description': 'Critical vulnerabilities were discovered in Lenovo’s '
"AI-powered customer support chatbot, 'Lena' (powered by "
'OpenAI’s GPT-4), allowing attackers to steal session cookies '
'and potentially gain unauthorized access to customer support '
'systems via a single malicious 400-character prompt. The flaw '
'stemmed from improper input/output sanitization, enabling '
'cross-site scripting (XSS) attacks by injecting malicious '
'code through crafted prompts, which tricked the AI into '
'generating harmful HTML content. The incident highlights '
'security risks in poorly implemented AI chatbots as '
'organizations rapidly adopt AI in enterprise environments.',
'impact': {'brand_reputation_impact': 'High (Warning About AI Security Risks '
'in Enterprise Adoption)',
'data_compromised': ['Session Cookies',
'Potential Unauthorized Access to Customer '
'Support Systems'],
'identity_theft_risk': 'Potential (via Stolen Session Cookies)',
'operational_impact': 'Potential Unauthorized Access to Customer '
'Support Systems',
'systems_affected': ["Lenovo AI Chatbot 'Lena' (GPT-4 Powered)"]},
'initial_access_broker': {'entry_point': "AI Chatbot ('Lena') via Malicious "
'Prompt',
'high_value_targets': ['Customer Support Systems',
'Session Cookies']},
'investigation_status': 'Disclosed by Cybernews Researchers (No Further '
'Updates)',
'lessons_learned': 'The incident underscores the critical need for robust '
'input/output sanitization in AI-powered systems, '
'especially in customer-facing applications. Rapid AI '
'adoption in enterprises must be accompanied by rigorous '
'security testing to mitigate risks like XSS and prompt '
'injection attacks.',
'post_incident_analysis': {'root_causes': ['Lack of Input/Output Sanitization '
'in AI Chatbot',
'Over-reliance on Third-Party AI '
'Model (GPT-4) Without Adequate '
'Security Controls',
'Insufficient Security Testing for '
'Prompt Injection '
'Vulnerabilities']},
'recommendations': ['Implement strict input/output sanitization for AI '
'chatbots to prevent XSS and prompt injection.',
'Conduct regular security audits and penetration testing '
'for AI systems, particularly those integrated with '
'third-party models (e.g., GPT-4).',
'Adopt secure coding practices for AI/ML applications, '
'including context-aware filtering for dynamic content '
'generation.',
'Monitor and limit the length/complexity of user prompts '
'to mitigate injection risks.',
'Educate developers and security teams on emerging '
'AI-specific threats (e.g., prompt hacking, model '
'manipulation).'],
'references': [{'source': 'Cybernews'}],
'title': 'Critical XSS Vulnerabilities in Lenovo’s AI-Powered Customer '
"Support Chatbot 'Lena'",
'type': ['Vulnerability Exploitation',
'Cross-Site Scripting (XSS)',
'AI Security Flaw'],
'vulnerability_exploited': 'Improper Input/Output Sanitization in AI Chatbot '
'(XSS)'}