Paubox blog: HIPAA compliant email - easy setup, no portals or passcodes

Hidden prompt attack in legal AI tool exposes risk to law firms

Written by Farah Amod | January 9, 2026

Researchers say a flaw in a widely used legal AI assistant could allow attackers to capture logins and access sensitive case data.

 

What happened

Security researchers disclosed a vulnerability in Vincent, the AI assistant built into the vLex legal research platform, that could be abused to carry out phishing attacks against users. According to Cybernews, attackers could embed hidden text inside legal documents that prompts the AI to output malicious HTML, which is then rendered in the user’s browser. The technique allows a fake login interface to appear over the legitimate Vincent chat window, potentially capturing credentials entered by law firm staff.

 

Going deeper

The issue stems from indirect prompt injection, where hidden instructions are placed inside documents that are later uploaded for research or analysis. Researchers demonstrated that attackers could insert white-on-white text or concealed quotes that the AI model interprets as legitimate instructions. When Vincent processes the document and outputs the content, embedded HTML or JavaScript can execute inside the browser session. This creates a scenario where a malicious site is loaded within the AI interface, visually matching the platform’s real login screen. Because the attack occurs during normal document review, users may not realize they are interacting with attacker-controlled content.

 

What was said

The firm that identified the flaw said the attack chain could be used to steal credentials, session tokens, or trigger additional actions such as forced downloads or data extraction. The researchers reported the issue to vLex, which implemented changes following responsible disclosure. They advised organizations to restrict visibility of untrusted documents, limit uploads from unknown sources, and apply tighter permission controls within document collections to reduce exposure.

 

The big picture

Prompt injection and AI output manipulation have emerged as growing concerns as generative tools are embedded into professional workflows. A 2024 paper published by the National Institute of Standards and Technology warned that AI systems that render model output directly in user interfaces can expose organizations to phishing and code execution risks if input and output handling are not tightly controlled. As legal and healthcare platforms expand AI-driven document analysis, security researchers expect similar issues to surface across other enterprise tools.

 

FAQs

What is indirect prompt injection?

It is a technique where malicious instructions are hidden inside data that an AI system later processes, causing the model to behave in unintended ways.

 

Why are document-based attacks effective?

Documents are often treated as trusted inputs, especially when sourced during research or case preparation, which lowers suspicion.

 

Can this type of flaw lead to broader system access?

Yes. If credentials or session tokens are captured, attackers may gain access to internal systems or sensitive client files.

 

Are these risks limited to legal platforms?

No. Any AI system that processes untrusted documents and renders output in a browser could face similar risks.

 

How can organizations reduce exposure?

They can restrict document sources, limit visibility of unverified files, apply strict permissions, and review how AI output is rendered in user interfaces.
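One way to review the output-rendering side of this, as an added example that is not code from vLex, Cybernews or the researchers: the chat UI escapes everything the model returns, re-enables only a tiny formatting subset, and logs any active markup it sees. The function names, the pattern list and the sample string are assumptions made for illustration.

```javascript
// Added example: treat assistant output as untrusted text before it reaches the DOM.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Heuristic patterns worth logging when they show up in a model answer.
// Detection only: safety comes from the escaping below, not from this list.
const ACTIVE_MARKUP = [
  ["element", /<\s*(script|iframe|form|input|object|embed|style|link|meta|base)\b/gi],
  ["event-handler", /\bon[a-z]+\s*=/gi],
  ["script-url", /\b(javascript|vbscript)\s*:/gi],
];

function findActiveMarkup(text) {
  const hits = [];
  for (const [kind, pattern] of ACTIVE_MARKUP) {
    for (const m of String(text).matchAll(pattern)) {
      hits.push({ kind, match: m[0], index: m.index });
    }
  }
  return hits;
}

// Escape first, then rebuild only bold text and line breaks from the escaped string.
// Anything else the model emitted stays visible as literal characters.
function renderModelOutput(text) {
  const findings = findActiveMarkup(text);
  let html = escapeHtml(text);
  html = html.replace(/\*\*([^*\n]+)\*\*/g, "<strong>$1</strong>");
  html = html.replace(/\n/g, "<br>");
  return { html, findings };
}

// Constructed sample of an answer influenced by hidden instructions in a document.
const SAMPLE =
  'Summary of **Smith v. Jones**.\n' +
  '<iframe src="https://login.example.invalid/" onload="x()"></iframe>';

const rendered = renderModelOutput(SAMPLE);
console.log(rendered.html);
console.log(rendered.findings.map((f) => f.kind));
```

Non-empty `findings` on an answer derived from an uploaded document is a useful signal to alert on and to trace back to the source file.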