We've said it before, and we'll say it again: Don't input anything into ChatGPT that you don't want unauthorized parties to read.
Since OpenAI released ChatGPT last year, there have been quite a few occasions where flaws in the AI chatbot could've been weaponized or manipulated by bad actors to access sensitive or private data. And this latest example shows that even after a security patch has been released, problems can still persist.
According to a report by Bleeping Computer, OpenAI has recently rolled out a fix for an issue where ChatGPT could leak users' data to unauthorized third parties. This data could include user conversations with ChatGPT and corresponding metadata like a user's ID and session information.
However, according to security researcher Johann Rehberger, who originally discovered the vulnerability and outlined how it worked, there are still gaping security holes in OpenAI's fix. In essence, the security flaw still exists.
Rehberger was able to take advantage of OpenAI's recently released and much-lauded custom GPTs feature to create his own GPT, which exfiltrated data from ChatGPT. This was a significant finding as custom GPTs are being marketed as AI apps akin to how the iPhone revolutionized mobile applications with the App Store. If Rehberger could create this custom GPT, it seems like bad actors could soon discover the flaw and create custom GPTs to steal data from their targets.
Rehberger says he first contacted OpenAI about the "data exfiltration technique" way back in April. He contacted OpenAI once again in November to report exactly how he was able to create a custom GPT and carry out the process.
On Wednesday, Rehberger posted an update to his website. OpenAI had patched the leak vulnerability.
"The fix is not perfect, but a step into the right direction," Rehberger explained.
The reason the fix isn't perfect is that ChatGPT is still leaking data through the vulnerability Rehberger discovered. ChatGPT can still be tricked into sending data.
"Some quick tests show that bits of info can steal [sic] leak," Rehberger wrote, further explaining that "it only leaks small amounts this way, is slow and more noticeable to a user." Regardless of the remaining issues, Rehberger said it's a "step in the right direction for sure."
But, the security flaw still remains entirely in the ChatGPT apps for iOS and Android, which have yet to be updated with a fix.
ChatGPT users should remain vigilant when using custom GPTs and should likely pass on these AI apps from unknown third parties.