OpenAI Patches Critical ChatGPT Security Holes, Averting Potential User Account Hijacks

In a recent revelation, security researchers have uncovered multiple security vulnerabilities in OpenAI's ChatGPT that could potentially lead to account takeovers of unwitting users.

What Happened: According to a report on Imperva on Tuesday, researchers identified two cross-site scripting (XSS) vulnerabilities and other security issues in ChatGPT. Malicious hackers could exploit these vulnerabilities to hijack a user’s account.

ChatGPT allows users to upload files and query them. The research firm found that the feature that processes these files and provides a clickable citation icon could be manipulated. Depending on the file contents, the ChatGPT feature that manages it could potentially pose a security threat.

See Also: OpenAI, Closed Source? Elon Musk Takes Aim At Sam Altman After Sora AI Reveal

However, exploiting this vulnerability is not straightforward. It requires the user to upload a harmful file, engage with ChatGPT in a way that prompts it to quote from this file, and then click the citation to trigger the vulnerability.

The research firm reported these vulnerabilities to OpenAI and noted that they were fixed by the AI startup "within hours."

Why It Matters: This discovery comes in the wake of increasing concerns about using AI tools like ChatGPT in cyberattacks.

Earlier in February, Microsoft Corp. MSFT and OpenAI revealed that hackers used large language models like ChatGPT to refine their cyberattacks. Notably, hackers from countries like Russia, North Korea, Iran, and China were found to be using tools like ChatGPT to research targets, improve scripts, and help build social engineering techniques.

OpenAI had previously launched a $20K Bug Bounty Initiative to encourage users to find flaws in its AI systems. The recent discovery of vulnerabilities in ChatGPT underscores the importance of such initiatives in ensuring the security of AI systems.

Check out more of Benzinga’s Consumer Tech coverage by following this link.

Read Next: Four Testicles And Nonsense Labels: AI Botches Rat Illustration In Published Scientific Paper

Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.

Photo courtesy: Shutterstock

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In:
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!