You don’t have to possess coding skills to develop your AI chatbot. Since early November, OpenAI has allowed individuals to construct and release personalized versions of ChatGPT, referred to as “GPTs.” These customized GPTs cover a wide range of functionalities, such as offering remote work advice, searching academic papers, and transforming users into Pixar characters. However, these tailored GPTs are susceptible to unintentional data leakage, potentially compromising personal or proprietary information.
Jiahao Yu, a computer science researcher at Northwestern University, emphasizes the significance of privacy concerns related to file leakage, stating, “Even if they do not contain sensitive information, they may contain some knowledge that the designer does not want to share with others, and [that serves] as the core part of the custom GPT.”
Researchers at Northwestern tested over 200 custom GPTs and found it surprisingly easy to extract information from them. Yu notes, “Our success rate was 100 per cent for file leakage and 97 per cent for system prompt extraction, achievable with simple prompts that don’t require specialized knowledge in prompt engineering or red-teaming.”
Creating custom GPTs is intentionally uncomplicated, requiring users with an OpenAI subscription to message ChatGPT and specify the desired functionality. However, the simplicity of this process raises concerns about data security. While the information given to custom GPTs may often be inconsequential, in some cases, it may include sensitive data, such as “salary and job descriptions.”
Prompt injections, a method akin to jailbreaking, enable unauthorized access to instructions and files. Alex Polyakov, CEO of AI security firm Adversa AI, warns that these vulnerabilities can be exploited with basic proficiency in English. OpenAI, in response to these issues, emphasizes its commitment to user privacy and ongoing efforts to enhance safety measures.
Despite advancements in mitigating vulnerabilities, researchers note that extracting information from GPTs remains a concern, and as more users create custom GPTs, awareness of potential privacy risks becomes crucial. Yu suggests the need for increased warnings about the risk of prompt injections, emphasizing that many designers may not realize the potential extraction of uploaded files, assuming they are only for internal reference.
