Data Exfiltration Vulnerabilities in LLM Applications and Chatbots: Bing Chat, ChatGPT and Claude

  • Published: 11 Sep 2024

Comments • 12

  • @user-kh3wz6pj7o 6 days ago +1

    nice video

    • @embracethered 6 days ago

      Thanks for the visit! Glad you liked it

  • @balonikowaty 1 year ago +1

    Great work!!

    • @embracethered 1 year ago

      Thanks for watching! Appreciate the note. :)

    • @balonikowaty 1 year ago +1

      @embracethered As a non-technical person, such content helps a lot to understand the real-life threats of LLM vulnerabilities, described e.g. in OWASP.

  • @cedric60666 11 months ago +1

    Thanks for explaining this.
    I guess it would also work with "private" instances of ChatGPT or equivalent systems, as long as the user input is not sanitized ...

    • @embracethered 11 months ago

      Thanks for watching. I'm not sure how private instances work (or what exactly they are), but presumably yes, unless they put a configurable Content Security Policy or some other fix in place to not allow images to render/connect.
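The reply above mentions a Content Security Policy that stops images from rendering or connecting as one possible fix. The following is an added example (not code from the video, the commenters, or any vendor) that evaluates whether a browser enforcing a given `Content-Security-Policy` on a chat page would fetch an `<img>` from a given URL. It implements the subset of CSP source expressions needed to reason about the image channel: `'none'`, `'self'`, `*`, scheme sources such as `https:`, and host sources with an optional scheme, port and leading `*.` wildcard, falling back from `img-src` to `default-src` as browsers do. All policies, origins and the attacker URL in the usage section are constructed for illustration.

```python
"""
Minimal evaluator for the img-src / default-src part of a Content-Security-Policy.
Added example; the policies, origins and URLs below are constructed, not taken
from any real deployment.
"""
from urllib.parse import urlsplit


def _directive(csp, name):
    """Return the source list of directive `name` (lower-cased tokens), or None if absent."""
    for part in csp.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == name:
            return [t.lower() for t in tokens[1:]]
    return None


def _host_source_matches(src, img, page):
    """Match a host-source such as https://cdn.example.com, *.example.com or cdn.example.com:8443."""
    if "://" in src:
        scheme, rest = src.split("://", 1)
        if img.scheme != scheme:
            return False
    else:
        rest = src
        # A scheme-less host-source matches the page's scheme (or an https upgrade of it).
        if img.scheme not in (page.scheme, "https"):
            return False
    host_part = rest.split("/", 1)[0]  # ignore any path component
    if ":" in host_part:  # explicit port given: compare host:port
        return img.netloc.lower() == host_part
    host = (img.hostname or "").lower()
    if host_part.startswith("*."):
        return host.endswith(host_part[1:])  # *.example.com matches a.example.com, not example.com
    return host == host_part


def csp_allows_image(csp, page_origin, image_url):
    """True if a browser enforcing `csp` on `page_origin` would fetch an <img> from `image_url`."""
    if not csp:
        return True  # no policy at all: every image loads
    sources = _directive(csp, "img-src")
    if sources is None:
        sources = _directive(csp, "default-src")  # img-src falls back to default-src
    if sources is None:
        return True  # neither directive present: images are unrestricted
    if "'none'" in sources:
        return False
    img, page = urlsplit(image_url), urlsplit(page_origin)
    for src in sources:
        if src == "*":
            return True
        if src == "'self'":
            if img.scheme == page.scheme and img.netloc.lower() == page.netloc.lower():
                return True
        elif src.endswith(":"):  # scheme-source, e.g. https:
            if img.scheme == src[:-1]:
                return True
        elif not src.startswith("'"):  # host-source; other keywords are irrelevant for images
            if _host_source_matches(src, img, page):
                return True
    return False


if __name__ == "__main__":
    # Constructed scenario: a chat UI at PAGE renders model output; an injected
    # markdown image points at an attacker-controlled host with data in the query.
    PAGE = "https://chat.example.com"
    EXFIL = "https://attacker.example/log?q=the+secret+is+42"
    for policy in ("", "img-src *", "img-src 'self'", "default-src 'self'",
                   "img-src 'self' https://cdn.example.com", "img-src 'none'"):
        print(f"{policy or '(no CSP)':45} -> loads attacker image: {csp_allows_image(policy, PAGE, EXFIL)}")
```

Only the policies that pin `img-src` (or `default-src` in its absence) to the application's own origin or an explicit allow-list return `False` for the attacker URL; a missing policy or `img-src *` leaves the image channel open.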

  • @user-or7kk7gh8u 4 months ago +1

    Can you please share the .py file you ran in this video to monitor the ChatGPT 3.5 chat (print-data-exfiltration-log.py) under code?
    Please share.

    • @embracethered 4 months ago

      It was just a script that filters the web server log for requests from the ChatGPT user agent and only shows the query parameter and no request IP, so it's easier to view. You can just grep /var/log/nginx/access.log also (assuming you use nginx on Linux). I can see if I still have the script somewhere, but it wasn't anything special.
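The reply above describes the script only in outline: filter the web server log for hits from the ChatGPT user agent, show the query parameters, hide the client IP. The following is an added example written to that description; it is not the author's print-data-exfiltration-log.py. It assumes nginx's default "combined" log format and matches the user-agent substring "ChatGPT-User" (both assumptions, not stated on the page). The log lines in SAMPLE_LOG are constructed for the example, with documentation-range IPs.

```python
"""
Filter an nginx access log for requests from the ChatGPT browsing user agent and
print only the timestamp, status and decoded query parameters of each hit (no IP).
Added example; SAMPLE_LOG is constructed and the user-agent string is an assumption.
"""
import re
import sys
from urllib.parse import parse_qsl, urlsplit

# nginx "combined" format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
# "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log: two fetches by the assumed ChatGPT user agent carrying
# data in the query string, one ordinary browser request, and one malformed line.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Sep/2024:10:15:01 +0000] "GET /logo.png?q=hello%20world HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; ChatGPT-User/1.0; +https://openai.com/bot)"
198.51.100.7 - - [11/Sep/2024:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
203.0.113.5 - - [11/Sep/2024:10:16:30 +0000] "GET /logo.png?q=the+secret+is+42&u=alice HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; ChatGPT-User/1.0; +https://openai.com/bot)"
not a log line
"""


def parse_line(line):
    """Parse one combined-format line into a dict of fields, or None if it does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def exfil_hits(lines, ua_needle="ChatGPT-User"):
    """Yield (timestamp, status, [(param, value), ...]) for requests whose user agent contains ua_needle.

    The client IP is parsed but deliberately not returned, so the output can be shown
    on screen without exposing it. Query values are percent-decoded and '+' becomes a space.
    """
    for line in lines:
        rec = parse_line(line)
        if rec is None or ua_needle not in rec["ua"]:
            continue
        query = urlsplit(rec["path"]).query
        yield rec["time"], rec["status"], parse_qsl(query, keep_blank_values=True)


def format_hit(hit):
    """Render one hit as a single human-readable line."""
    time, status, params = hit
    rendered = " ".join(f"{k}={v!r}" for k, v in params) or "(no query)"
    return f"[{time}] {status} {rendered}"


if __name__ == "__main__":
    # Usage: python this_script.py /var/log/nginx/access.log   (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = list(fh)
    else:
        source = SAMPLE_LOG.splitlines()
    for hit in exfil_hits(source):
        print(format_hit(hit))
```

Run against the sample it prints two lines, both from the assumed ChatGPT user agent, with the decoded query values and no IP; the Firefox request and the malformed line are dropped. A 404 still counts as a hit, since the exfiltration succeeds the moment the request reaches the server, whatever the response is.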

  • @dm204375 1 year ago

    I'm sorry, I am not a coder, so I am having difficulty understanding the vulnerability here. Are you implying that developers of various plugins for ChatGPT could gather the chat history of their plugin users through these methods?

    • @embracethered 1 year ago

      Thanks for watching! It's not only the plugin/tool developer but whoever controls a piece of text you bring into the chat context. We call this Indirect Prompt Injection.
      This can be a comment on a website you summarize, a part of a PDF document, a YouTube transcript, copy/pasting untrusted data from somewhere, an image with hidden instructions, etc. I have lots of real-world examples on my blog if you are curious to learn more.

    • @dm204375 1 year ago

      I see, that's very clever. Thanks for the explanation and for bringing this to attention. I think as various AI systems become more prevalent in their use by the masses, we can expect a new field of AI vulnerability hunting to emerge for sure. Like "social engineering" for AI. Honestly, now that I think about how complex these systems can get in the future and their inevitable use in more integrated technologies... this can become an immense headache for all cybersecurity professionals.