A very good read from a respected source!
REPORT. ASSESSING PROMPT INJECTION RISKS IN 200+ CUSTOM GPTS
ABSTRACT
In the rapidly evolving landscape of artificial intelligence, ChatGPT has been widely used in various applications. The new feature — customization of ChatGPT models by users to cater to specific needs has opened new frontiers in AI utility. However, this study reveals a significant security vulnerability inherent in these user-customized GPTs: prompt injection attacks. Through comprehensive testing of over 200 user-designed GPT models via adversarial prompts, we demonstrate that these systems are susceptible to prompt injections. Through prompt injection, an adversary can not only extract the customized system prompts but also access the uploaded files. This paper provides a first-hand analysis of the prompt injection, alongside the evaluation of the possible mitigation of such attacks. Our findings underscore the urgent need for robust security frameworks in the design and deployment of customizable GPT models. The intent of this paper is to raise awareness and prompt action in the AI community, ensuring that the benefits of GPT customization do not come at the cost of compromised security and privacy.
3. OUR METHOD
We propose a method for prompt injection, as depicted in Figure 1. This method is comprised of three steps: (1) scanning custom GPTs, (2) injecting adversarial prompts, and (3) extracting target information.
LEARN MORE;
- WIRED. OpenAI’s Custom Chatbots Are Leaking Their Secrets.
- Released earlier this month, OpenAI’s GPTs let anyone create custom chatbots. But some of the data they’re built on is easily exposed.
- You don’t need to know how to code to create your own AI chatbot. Since the start of November—shortly before the chaos at the company unfolded—OpenAI has let anyone build and publish their own custom versions of ChatGPT, known as “GPTs”. Thousands have been created: A “nomad” GPT gives advice about working and living remotely, another claims to search 200 million academic papers to answer your questions, and yet another will turn you into a Pixar character.