OpenAI says it has fixed a potentially serious ChatGPT flaw – but there could still be problems

Key Takeaways:

– Serious flaw discovered in ChatGPT that allows conversation details to be leaked to an external URL
– Researcher Johann Rehberger attempted to alert OpenAI about the flaw but received no response
– Rehberger publicly disclosed the flaw after not getting a response from OpenAI
– OpenAI released safety checks to mitigate the flaw, but it is not completely resolved
– Flaw allows malicious chatbots to exfiltrate sensitive data, including chat content, metadata, and technical data
– Secondary method involves victim submitting a prompt supplied by the attacker to exfiltrate data
– Rehberger reported the flaw in April 2023 and provided more details in November, but received no response from OpenAI
– Rehberger decided to go public with the discovery and demonstrated how a conversation with a chatbot was extracted to a third-party URL
– ChatGPT now performs checks to prevent the secondary method, but the flaw is still partially present, especially on the iOS mobile app.

TechRadar:

A researcher discovered a serious flaw in ChatGPT that allowed details from a conversation to be leaked to an external URL.

When Johann Rehberger attempted to alert OpenAI to the potential flaw, he received no response, forcing the researcher to disclose details of the flaw publicly.

Source link

AI Eclipse TLDR:

A serious flaw has been discovered in ChatGPT, an AI language model developed by OpenAI. The flaw allows malicious chatbots to leak sensitive data from conversations to an external URL. The researcher, Johann Rehberger, attempted to alert OpenAI about the flaw but received no response, so he decided to disclose the details publicly. OpenAI later released safety checks to mitigate the flaw, but they are not completely effective. The flaw allows chatbots to exfiltrate sensitive data, including chat content, metadata, and technical data. One method involves the victim submitting a prompt provided by the attacker, which then uses image markdown rendering and prompt injecting to extract the data. Rehberger reported the flaw to OpenAI in April 2023, but the ticket was closed as “Not Applicable” in November. To raise awareness, Rehberger decided to go public with his discovery, demonstrating how an entire conversation with a chatbot was extracted to a third-party URL. Although ChatGPT now performs checks to prevent the secondary method from taking place, arbitrary domains can still be rendered, making the flaw viable on the iOS mobile app.