Start your day with intelligence. Get The OODA Daily Pulse.

OpenAI’s Recent Expansion of ChatGPT Capabilities Unfortunately Includes a Cybersecurity Vulnerability “In the Wild”

WolframAlpha and OpenTable are amongst sites accessed by recently released plug-ins- supported by ChatGPT – enabling the chatbot to utilize new information sources.  Soon after the release of the plug-ins,  an exploit vulnerability – CVE-2023-28432 – which affects a tool used for machine learning, analytics, and other processes – was discovered, adding to the list of recent security incidents hitting the game-changing LLM-based chatbot:

“Threat intelligence company GreyNoise explained that the issue affects OpenAI’s popular ChatGPT tool. Last month, OpenAI added a new feature to the headline-grabbing tool that allows it to pull information from other sources.  ‘There are some concerns about the security of the example code provided by OpenAI for developers who want to integrate their plugins with the new feature,’ GreyNoise’s Matthew Remacle said.

‘While we have no information suggesting that any specific actor is targeting ChatGPT example instances, we have observed this vulnerability being actively exploited in the wild. When attackers attempt mass-identification and mass-exploitation of vulnerable services, everything is in scope, including any deployed ChatGPT plugins that utilize this outdated version of MinIO.'” (1)

Once patched. the expanded capabilities are available only after a stint on the OpenAI waiting list:  ChatGPT plugins (openai.com).

About the Exploit

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.   References to Advisories, Solutions, and Tools can be found here. (4)

What Next? 

  • This exploit vulnerability found in the wild is fast on the heels of the ChatGPT data breach of a few months ago, which prompted the Italian Internet Regulatory Agenc to ban ChatGPT, expressing security concerns.
  • Italy has since lifted the ban after OpenAI “addressed or clarified the issues raised by the Italian Data Protection Authority (or GPDP) in late March. The GPDP accused ChatGPT of unlawfully collecting users’ data and failing to prevent underage users from accessing inappropriate material, leading OpenAI to block ChatGPT in the country. The company was given 20 days to address the issues, and regulators said in mid-April that ChatGPT could return if it did so by April 30th.  Among the changes, OpenAI linked The Verge to a new form that EU users can submit to remove personal data under Europe’s General Data Protection Regulation (GDPR). It also says that a new tool will verify users’ ages upon signup in Italy, and it published a help center article that outlines how OpenAI and ChatGPT collect personal information, including information about contacting its GDPR-mandated data protection officer. (2)
  • While ChatGPT may be seminal in its technological impact, it is not immune from security breaches and vulnerabilities.  There will be growing pains – and the general advice to is run any personal and/or organization efforts to stand up ChatGPT prompt engineering capabilities with equally as enthusiastic a tracking effort of the evolving threat surface and known incidents related to the AI tool. 
  • The Verge reports that: “OpenAI says it’s taken threats posed by these plug-ins into consideration and has “implemented several safeguards,” including limiting the availability of the plug-ins to a very small number of people to start. The company’s blog post says it’ll “initially prioritize a small number of developers and ChatGPT Plus users” to get plug-in access and, [as previously mentioned] offers a sign-up for a waitlist here. (3)

Security concerns aside, The Verge reports that the plig-ins are a massive expansion of  “ChatGPT’s capabilities to let it browse the web and more:  ChatGPT now supports plug-ins that let the chatbot tap new sources of information, including the web and third-party sites like Expedia and Instacart…an upgrade that massively expands the chatbot’s capabilities and gives it access for the first time to live data from the web.  Up until now, ChatGPT has been limited by the fact it can only pull information from its training data, which ends in 2021. OpenAI says plug-ins will not only allow the bot to browse the web but also interact with specific websites, potentially turning the system into a wide-ranging interface for all sorts of services and sites. In an announcement post, the company says it’s almost like letting other services be ChatGPT’s “eyes and ears.”

In one demo video (above), someone uses ChatGPT to find a recipe and then order the necessary ingredients from Instacart. ChatGPT automatically loads the ingredient list into the shopping service and redirects the user to the site to complete the order.  OpenAI says it’s rolling out plug-in access to “a small set of users.” Initially, there are 11 plug-ins for external sites, including Expedia, OpenTable, Kayak, Klarna Shopping, and Zapier. OpenAI is also providing some plug-ins of its own, one for interpreting code and one called “Browsing,” which lets ChatGPT get information from the internet.

As an example of what the browsing plug-in can accomplish, the company shows someone asking how the box office sales of this year’s Oscar winners compare to recently released movies, and the bot shows its work for what sources it’s looking at before spitting out an answer. This is something ChatGPT would have been unable to accomplish before. (3)

https://oodaloop.com/ooda-original/2023/04/26/the-cybersecurity-implications-of-chatgpt-and-enabling-secure-enterprise-use-of-large-language-models/

https://oodaloop.com/archive/2023/04/12/after-major-data-breach-italian-data-protection-authority-temporarily-bans-chatgpt/

Daniel Pereira

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.