OpenAI’s Custom Chatbots Are Leaking Their Secrets

Creating your own AI chatbot no longer requires coding skills. OpenAI has made it possible for anyone to build and publish their custom versions of ChatGPT, also known as “GPTs”, since the beginning of November. Thousands of these custom GPTs have been created, each with its unique capabilities. For example, there’s a GPT dedicated to providing advice on remote work and living, another that claims to search through 200 million academic papers to answer questions, and even one that can morph you into a Pixar character.

However, these custom GPTs have a vulnerability that can lead to the exposure of their internal data. Security researchers and technologists investigating these chatbots have succeeded in extracting the initial instructions given to them during creation, as well as accessing and downloading the files used to customize the chatbots. Experts warn that this could potentially put people’s personal information or proprietary data at risk.

Jiahao Yu, a computer science researcher at Northwestern University, emphasizes the need to take the privacy concerns of file leakage seriously. “Even if they do not contain sensitive information, they may contain some knowledge that the designer does not want to share with others, and that serves as the core part of the custom GPT,” says Yu.

Yu and his fellow researchers at Northwestern tested more than 200 custom GPTs, finding it “surprisingly straightforward” to extract information from them. “Our success rate was 100 percent for file leakage and 97 percent for system prompt extraction, achievable with simple prompts that don’t require specialized knowledge in prompt engineering or red-teaming,” Yu explains.

Creating custom GPTs is designed to be user-friendly. OpenAI allows individuals with a subscription to easily create these GPTs, also known as AI agents, for personal use or for publishing on the web. The company also plans to enable developers to earn money based on the usage of these GPTs.

To create a custom GPT, users can interact with ChatGPT and specify the desired functions of the custom bot without the need for coding. This involves providing instructions on the bot’s behaviors, limitations, and potential capabilities. For instance, a bot specializing in answering US tax law queries could be instructed to refrain from answering unrelated questions or questions about other countries’ laws. Additionally, users can enhance the chatbot’s knowledge by uploading specific documents, such as providing the US tax-bot with files detailing the workings of the law. Integration of third-party APIs can also expand the data access and functionalities of a custom GPT.

Source link

Leave a Comment