Thanks to new ChatGPT updates like the Code Interpreter,hairy man and sex together video OpenAI's popular generative artificial intelligence is rife with more security concerns. According to research from security expert Johann Rehberger (and follow-up work from Tom's Hardware), ChatGPT has glaring security flaws that stem from its new file-upload feature.
This Tweet is currently unavailable. It might be loading or has been removed.
OpenAI's recent update to ChatGPT Plus added a myriad of new features, including DALL-E image generation and the Code Interpreter, which allows Python code execution and file analysis. The code is created and run in a sandbox environment that is unfortunately vulnerable to prompt injection attacks.
SEE ALSO: OpenAI's Sam Altman breaks silence on AI executive orderA known vulnerability in ChatGPT for some time now, the attack involves tricking ChatGPT into executing instructions from a third-party URL, leading it to encode uploaded files into a URL-friendly string and send this data to a malicious website. While the likelihood of such an attack requires specific conditions (e.g., the user must actively paste a malicious URL into ChatGPT), the risk remains concerning. This security threat could be realized through various scenarios, including a trusted website being compromised with a malicious prompt — or through social engineering tactics.
You May Also Like
Tom's Hardware did some impressive work testing just how vulnerable users may be to this attack. The exploit was tested by creating a fake environment variables file and using ChatGPT to process and inadvertently send this data to an external server. Although the exploit's effectiveness varied across sessions (e.g., ChatGPT sometimes refused to load external pages or transmit file data), it raises significant security concerns, especially given the AI's ability to read and execute Linux commands and handle user-uploaded files in a Linux-based virtual environment.
Related Stories
- Cyberattack to blame for major ChatGPT outage
- ChatGPT Plus users reporting issues since the DALL-E 3 upgrade
- OpenAI's Sam Altman breaks silence on AI executive order
- Humane launches 'Ai Pin,' a screenless wearable powered by OpenAI
- OpenAI is being sued for training ChatGPT with 'stolen' personal data
As Tom's Hardware states in its findings, despite seeming unlikely, the existence of this security loophole is significant. ChatGPT should ideally notexecute instructions from external web pages, yet it does. Mashablereached out to OpenAI for comment, but it did not immediately respond to our request.
Topics Artificial Intelligence ChatGPT OpenAI