Nebula XAI

Experience the future artificial intelligence

Exposing Sora 2: Mindgard Uncovers Audio Vulnerability in OpenAI’s Video Tool

Alan Kimura

In the evolving landscape of artificial intelligence, security vulnerabilities can often lurk where least expected. Recently, AI security firm Mindgard uncovered a startling flaw in OpenAI’s Sora 2 model that allows sensitive system prompts to leak via audio transcripts. This revelation not only raises questions about AI safety but also highlights the need for stringent security measures in AI development.

## The Discovery of Hidden Prompts

A study initiated by Mindgard on November 3, 2025, and published just days later, unveiled an unconventional method for extracting Sora 2’s internal guidelines. These guidelines, also known as the system prompt, dictate the boundaries of the AI’s operations and responses. Researchers at Mindgard, led by Aaron Portnoy, aimed to explore various avenues to expose these hidden rules.

The team experimented with text, images, video, and audio, trying to gather insights from Sora 2’s outputs. However, the results were often less than satisfactory. Text displayed in Sora 2’s videos would quickly degrade, becoming illegible as the video progressed. This phenomenon, described as “semantic drift,” illustrates the challenges faced when extracting information through visual media.

## Audio: The Key to Unraveling Secrets

Amidst their trials, Mindgard’s researchers found that audio generation offered the clearest path to recovery. By prompting Sora 2 to vocalize segments of its internal instructions, they could compile transcripts that revealed crucial details about its operational framework. This approach proved to be highly effective, allowing them to reconstruct a nearly complete set of foundational instructions.

The team cleverly used audio speed adjustments to fit more information into the brief 10 to 15-second clips that Sora 2 generates. This method yielded a high-fidelity recovery of the system prompt, including guidelines that instruct the AI to avoid generating “sexually suggestive visuals or content.” Through this process, they accessed a detailed set of the model’s core configuration codes, which are essential for understanding how the AI operates.

## Implications for AI Security

The implications of Mindgard’s findings are significant. Despite Sora 2’s robust safety training, the ability to extract core settings through innovative prompts raises alarms about the potential for information leakage. Such vulnerabilities in multi-modal models like Sora 2 can create new pathways for sensitive information to slip through the cracks.

In response to these findings, Mindgard provided essential recommendations for AI developers. They advised treating system prompts as confidential settings, rigorously testing audio and video outputs for potential leaks, and limiting the length of AI responses. Additionally, users of AI technology should be proactive, asking vendors about the privacy of operational rules and ensuring that all outputs are adequately protected.

In a world increasingly reliant on artificial intelligence, maintaining security while fostering innovation is a delicate balance. Mindgard’s study highlights the urgent need for continued vigilance in AI security practices. As we venture deeper into this digital age, understanding the vulnerabilities that accompany advanced AI systems is paramount in safeguarding both technology and its users.

Related posts:

Navigating the Digital Landscape: Key Topics and Emerging Technologies TikTok Tackles AI: New Controls Let You Tune Out (or Crank Up!) AI-Generated Content AI “Slop” Backlash: Are Marketers Ignoring a Looming Authenticity Crisis? TikTok Gives Users Control Over AI Content: Less AI in Your Feed?

Generative AI GPT Perplexity Comet AI Semiconductor AI Sora AI Stable Diffusion