If the user clicked a “generate me a share link” button, and the button also, without letting the user know prior to the button press, enables search indexing, that is indeed a leak.

Right, but the article does. Anyway, I'm moving on. Thanks for the discussion.

in yes/no type questions, 50% success rate is the absolute worst one can do. Any worse and you're just giving an inverted correct answer more than half the time

Well yeah exactly why I said "the same risk". ideally it's going to be in the same systems... and assuming no one is stupid enough (or the laws don't let them) attach it to the publicly accessible forms of existing AIs It's not a new additional risk, just the same one. (though those assumptions are largely there own risks.

I watched a bit of Michael Alm's video on this, but noped out when I saw all of the little boxes of consumables appearing. If regular printer ink is already exorbitant, I can only imagine what these proprietary cartridges will cost.

I think the principle could be applied to scan outside of the machine. It is making requests to 127.0.0.1:{port} - effectively using your computer as a "server" in a sort of reverse-SSRF attack. There's no reason it can't make requests to 10.10.10.1:{port} as well. Of course you'd need to guess the netmask of the network address range first, but this isn't that hard. In fact, if you consider that at least as far as the desktop site goes, most people will be browsing the web behind a standard consumer router left on defaults where it will be the first device in the DHCP range (e.g. 192.168.0.1 or 10.10.10.1), which tends to have a web UI on the LAN interface (port 8080, 80 or 443), then you'd only realistically need to scan a few addresses to determine the network address range. If you want to keep noise even lower, using just 192.168.0.1:80 and 192.168.1.1:80 I'd wager would cover 99% of consumer routers. From there you could assume that it's a /24 netmask and scan IPs to your heart's content. You could do top 10 most common ports type scans and go in-depth on anything you get a result on. I haven't tested this, but I don't see why it wouldn't work, when I was testing 13ft.io - a self-hosted 12ft.io paywall remover, an SSRF flaw like this absolutely let you perform any network request to any LAN address in range.

If you want a narrative, look at all the full-price $250k Roadster pre-orders they've been holding onto for like 8 years now with zero signs of production and complete silence for the last...5 years?