David Bridges
In October, OpenAI’s ChatGPT Search was launched for ChatGPT Plus users, marking a significant upgrade in the capabilities of this AI tool. Just last week, it became accessible to all users, enhancing the search experience even further by incorporating Voice Mode. However, it’s essential to recognize that this feature is not without its challenges and limitations, which are crucial for users to understand as they navigate the new functionalities.
The Guardian conducted an investigation where they asked ChatGPT to summarize webpages containing hidden content. This revealed a concerning issue known as prompt injection, where external parties can manipulate the prompts that ChatGPT uses to generate responses. For instance, imagine a webpage filled with negative reviews of a restaurant. If the site also embeds hidden content praising the restaurant and subtly instructing ChatGPT to provide a positive summary, the AI may prioritize that hidden information over the actual negative reviews. This manipulation can significantly skew the perceived quality of a service.
ChatGPT plugins face ‘prompt injection’ risk from third-parties
In one specific test, ChatGPT was presented with the URL of a fabricated website designed to resemble a product page for a camera. The AI was queried about the camera’s purchase value. The Guardian reported that the control page returned a fair and balanced review, noting both positive features and potential drawbacks. However, when hidden text on the page instructed ChatGPT to deliver an overly favorable review, the responses became excessively positive, completely ignoring any negative feedback present on the page. This highlights the alarming potential for hidden content to distort the integrity of reviews and information.
Mashable Light Speed
Despite these challenges, the emergence of ChatGPT Search should not be viewed as a failure. OpenAI has only recently introduced this feature, providing ample opportunity for them to address and rectify these issues. Cybersecurity expert Jacob Larsen from CyberCX reassured the Guardian that OpenAI boasts a robust AI security team, suggesting that by the time the feature is available to the general public, it will have undergone thorough testing to mitigate such vulnerabilities.
Prompt injection attacks have been a theoretical concern for ChatGPT and similar AI search technologies since their inception. While there have been demonstrations showcasing the potential dangers, a significant malicious attack exploiting this vulnerability has yet to occur. Nonetheless, these incidents underscore a critical concern regarding AI chatbots: their surprising susceptibility to manipulation and the ease with which they can be deceived.
var facebookPixelLoaded = false;
window.addEventListener(‘load’, function(){
document.addEventListener(‘scroll’, facebookPixelScript);
document.addEventListener(‘mousemove’, facebookPixelScript);
})
function facebookPixelScript() {
if (!facebookPixelLoaded) {
facebookPixelLoaded = true;
document.removeEventListener(‘scroll’, facebookPixelScript);
document.removeEventListener(‘mousemove’, facebookPixelScript);
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’//connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
fbq(‘track’, “PageView”);
}
}
Daniel Mercer
Brandon Fletcher
