Imprompter, the latest work in this direction, is available at https://imprompter.ai and has been covered by WIRED here. In this work, we show real-world attacks on Mistral LeChat and ChatGLM. Mistral AI, has acknowledged our contribution and addressed this issue by disabling the markdown image rendering feature in LeChat. See changelog of Lechat on Sep 13 2024.
Image-based attack (as described in the abstract) paper, which is an older work, is available on arxiv with code at github.