OpenAI's latest updates introduce a huge new security risk

0 14

By Matthew Griffin Security and Privacy 22nd November 2023

WHY THIS MATTERS IN BRIEF

By being able to call and interact with third party systems, AI’s, apps, scripts, websites, and more hackers have found a new way to hack “everything.”

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.

OpenAI’s recent update to ChatGPT Plus added a myriad of new features, including DALL-E image generation and the Code Interpreter, which allows Python code execution and file analysis. The code is created and run in a sandbox environment that is unfortunately vulnerable to prompt injection attacks.

Two algorithms left to their own devices ended up colluding with one another

A known vulnerability in ChatGPT for some time now, the attack involves tricking ChatGPT into executing instructions from a third-party URL, leading it to encode uploaded files into a URL-friendly string and send this data to a malicious website. While the likelihood of such an attack requires specific conditions, for example, the user must actively paste a malicious URL into ChatGPT, the risk remains concerning. This security threat could be realized through various scenarios, including a trusted website being compromised with a malicious prompt — or through social engineering tactics.

The Future of Cyber Security 2030, by Keynote Matthew Griffin

Tom’s Hardware did some impressive work testing just how vulnerable users may be to this attack. The exploit was tested by creating a fake environment variables file and using ChatGPT to process and inadvertently send this data to an external server.

Doctors get a powerful new AI tool to help them diagnose ADHD faster

Although the exploit’s effectiveness varied across sessions, E.G.: ChatGPT sometimes refused to load external pages or transmit file data, it raises significant security concerns, especially given the AI’s ability to read and execute Linux commands and handle user-uploaded files in a Linux-based virtual environment.

👉 Good opportunity to raise awareness around prompt injection and data exfilration issues.

I’m lazy, paste in this URL in your ChatGPT and send it to me. 🙂#chatgpt #infosec https://t.co/SogGZh8cji pic.twitter.com/Dh95xIK4qy

— Johann Rehberger (@wunderwuzzi23) November 10, 2023

As Tom’s Hardware states in its findings, despite seeming unlikely, the existence of this security loophole is significant. ChatGPT should ideally not execute instructions from external web pages, yet it does.

Matthew Griffin / About Author

Matthew Griffin, described as “The Adviser behind the Advisers” and a “Young Kurzweil,” is the founder and CEO of the World Futures Forum and the 311 Institute, a global Futures and Deep Futures consultancy working across the next 50 years, and is an award winning futurist, and author of “Codex of the Future” series.

Regularly featured in the global media, including AP, BBC, Bloomberg, CNBC, Discovery, RT, Viacom, and WIRED, Matthew’s ability to identify, track, and explain the impacts of hundreds of revolutionary emerging technologies on global culture, industry and society, is unparalleled. Recognised for the past six years as one of the world’s foremost futurists, innovation and strategy experts Matthew is an international speaker who helps governments, investors, multi-nationals and regulators around the world envision, build and lead an inclusive, sustainable future.

A rare talent Matthew’s recent work includes mentoring Lunar XPrize teams, re-envisioning global education and training with the G20, and helping the world’s largest organisations envision and ideate the future of their products and services, industries, and countries.

Matthew's clients include three Prime Ministers and several governments, including the G7, Accenture, Aon, Bain & Co, BCG, Credit Suisse, Dell EMC, Dentons, Deloitte, E&Y, GEMS, Huawei, JPMorgan Chase, KPMG, Lego, McKinsey, PWC, Qualcomm, SAP, Samsung, Sopra Steria, T-Mobile, and many more.