Ben Nassi

Security researcher. Author of two papers with direct relevance to this wiki:

“Invitation Is All You Need” (BlackHat, prior year) — demonstrated indirect prompt injection through Google Calendar invites against Gemini. The attack: an attacker plants a hidden payload in a Google Calendar invite; nothing happens until the user asks the agent something benign like “what’s on my schedule today?”; the agent ingests the invite, follows the hidden instructions, and (in Lidzborski’s deployment context) extends the impact to smart-home control. Cited extensively in Lidzborski’s Workspace talk.

“Promptware Kill Chain” (March 2026, “released very recently” at the time of [un]prompted) — the academic framing for the Promptware concept: analyzing prompt injection not as an atomic event but as the initial phase of a multi-stage attack chain with its own persistence and exfiltration phases. Johann Rehberger credits this paper in his [un]prompted 2026 talk (“Your Agent Works for Me Now”) as the academic parallel to his practitioner Promptware framing.

Stub

This page is a stub. Background, affiliation, and the full citation for the Promptware Kill Chain paper need to be researched. The “Invitation Is All You Need” research warrants its own paper page once primary sources are available. Rehberger also cites “Steph Cohen and a few others” as co-authors on that paper — full author list needs verification.