Versions Compared

Old Version 20

changes.mady.by.user Amineh Akhavan Saraf

Saved on

compared with

New Version Current

changes.mady.by.user Amineh Akhavan Saraf

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Risk: Since policies are enforced through cryptographic protocols rather than natural language interpretation, making prompt injection harder. But if the wallet uses AI-driven assistants or automated decision-making (e.g., for verifying credentials or guiding users), attackers can craft malicious prompts to manipulate the AI’s logic.  

    Even if the wallet itself is secure, any connected AI-based helpdesk or verification service could be exploited via prompt injection.

  • Solution: Apply prompt hardening techniques, context isolation, and strict input validation. Use allowlists/denylists and sandbox testing for untrusted inputs.

Data Leakage and Membership Inference*

  • Risk: If identity-related data is used to train AI models, attackers may infer sensitive attributes or reconstruct original data through model inversion or membership inference attacks. 

    If the wallet uses AI services (e.g., for fraud detection, identity verification, or UX personalization), sensitive identity data might be exposed during model training or inference. If wallet operations involve external AI APIs, data could leak through logs or model updates. Even if raw data isn’t shared, patterns in queries or metadata could allow attackers to infer user attributes. e.g your AI tools on your mobile phone have access to your ID wallet!!


    If AI is integrated for convenience (e.g., chatbots or automated KYC), and those models access identity data, leakage and inference risks reappear. Metadata (timestamps, transaction patterns) can still be exploited for inference even if credentials are protected.

  • Solution:
  • Enforce
    • data minimization,
  • data minimization→ wallet selective dislousure is already there to solve ths problem but by using AI data can reveal werden. (is it really a solution?)
  • segregate sensitive datasets
    • ,
  • adopt privacy-preserving training methods* (e.g., differential privacy), and secure the entire data lifecycle.

Misinformation and Social Engineering

...

AI models can inherit biases, leading to unfair denials of access for specific demographic groups. The system is also vulnerable to adversarial attacks designed to fool it.

*

Membership Inference (or Membership Inference Attack, often shortened to MIA) is a type of privacy attack against machine‑learning models. In this attack, someone (an attacker) tries to figure out whether a specific data sample was part of the model’s training data. In simple words: The attacker wants to know “Was this person’s data used to train the model?” If the attacker can guess this correctly, they can learn private information about individuals.

Privacy-preserving training methods →  Privacy‑preserving training methods are techniques used in machine learning and AI to ensure that sensitive information from the training data cannot be reconstructed, identified, or leaked, while still allowing the model to learn useful patterns.like :

...