Scroll Top

OpenAI’s updates show big tech can destroy your statrtup at any time

0 3

By Matthew Griffin Opinion 21st November 2023

WHY THIS MATTERS IN BRIEF

By being able to call and interact with third party systems, AI’s, apps, scripts, websites, and more hackers have found a new way to hack “everything.”

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.

OpenAI’s recent update to ChatGPT Plus added a myriad of new features, including DALL-E image generation and the Code Interpreter, which allows Python code execution and file analysis. The code is created and run in a sandbox environment that is unfortunately vulnerable to prompt injection attacks.

Amazon CEO Jeff Bezos has kept the same message to Wall Street for 22 years

A known vulnerability in ChatGPT for some time now, the attack involves tricking ChatGPT into executing instructions from a third-party URL, leading it to encode uploaded files into a URL-friendly string and send this data to a malicious website. While the likelihood of such an attack requires specific conditions, for example, the user must actively paste a malicious URL into ChatGPT, the risk remains concerning. This security threat could be realized through various scenarios, including a trusted website being compromised with a malicious prompt — or through social engineering tactics.

The Future of Cyber Security 2030, by Keynote Matthew Griffin

Tom’s Hardware did some impressive work testing just how vulnerable users may be to this attack. The exploit was tested by creating a fake environment variables file and using ChatGPT to process and inadvertently send this data to an external server.

IBM pushes the boundaries and unveils the world's first 2nm computer chip

Although the exploit’s effectiveness varied across sessions, E.G.: ChatGPT sometimes refused to load external pages or transmit file data, it raises significant security concerns, especially given the AI’s ability to read and execute Linux commands and handle user-uploaded files in a Linux-based virtual environment.

👉 Good opportunity to raise awareness around prompt injection and data exfilration issues.

I’m lazy, paste in this URL in your ChatGPT and send it to me. 🙂#chatgpt #infosec https://t.co/SogGZh8cji pic.twitter.com/Dh95xIK4qy

— Johann Rehberger (@wunderwuzzi23) November 10, 2023

As Tom’s Hardware states in its findings, despite seeming unlikely, the existence of this security loophole is significant. ChatGPT should ideally not execute instructions from external web pages, yet it does.

Related

Bots Entrepreneurship GPT4 Jasper AI Marketing OpenAI Startups Stripe Technology Industry Wrapper Startups

Matthew Griffin / About Author

Matthew Griffin, described as a "Walking encyclopaedia of the future" by NASA and a futurist polymath, is one of the world's most renowned futurists and strategic foresight experts. A serial entrepreneur Matthew is the Founder and Futurist in Chief of the 311 Institute, a global Futures and Deep Futures advisory firm working across the next 50 years, XPotential University, the world's first free futures and foresight university, and the World Futures Forum which works with the United Nations to solve the worlds greatest challenges. 13 times author of the Codex of the Future series, Matthew is an in demand international keynote, acclaimed university lecturer, and host of the hit Fanatical Futurist podcast.

A rare talent in his past Matthew helped build and run several multi-billion dollar business units for Atos, Dell-EMC, and IBM, and his ability to identify, track, and explain the impacts of hundreds of emerging technologies and trends on global business, culture, and society has earned him a powerful reputation and a roster of clients that include royal households, world leaders, G7, G20, and G77+ governments, and many of the world's most respected brands including ABB, Accenture, Adidas, AON, ARM, BCG, Centrica, Citi Group, Coca Cola, Dentons, Deloitte, Disney, EY, KPMG, Lego, Legal & General, LinkedIn, Microsoft, Pepsi Co, Qualcomm, RWE, Samsung, T-Mobile, UBS, VISA, and many others. He was also the only futurist invited to talk at the UN COP28 held in Dubai alongside world leaders.

Regularly featured in the global media including the AP, BBC, Bloomberg, CNBC, Discovery, Forbes, Khaleej Times, Telegraph, TIME, ViacomCBS, WIRED, and the WSJ, Matthews mission is to help organisations create a fair and sustainable future whose benefits are shared by everyone irrespective of their ability, background, or circumstances.

More posts by Matthew Griffin

Related Posts

Leave a comment Cancel reply

FREE! DOWNLOAD THE 2024 EMERGING TECHNOLOGY AND TRENDS CODEXES!DOWNLOAD

+

Awesome! You're now subscribed.

Pin It on Pinterest

Share This