
Salt Labs research finds security flaws within ChatGPT Ecosystem (Remediated)

Mar 13, 2024 - salt.security
Salt Labs researchers have identified vulnerabilities in generative AI ecosystems, specifically in the ChatGPT platform developed by OpenAI. These vulnerabilities could have allowed attackers to access user accounts and data, including GitHub repositories, without user interaction. The researchers found three types of vulnerabilities: one directly in ChatGPT that allowed attackers to install malicious plugins on user accounts, a zero-click account takeover vulnerability in multiple plugins developed with PluginLab.AI, and an OAuth redirection manipulation vulnerability in several plugins. The researchers have disclosed these vulnerabilities to the relevant companies, who have taken action to resolve them.

The vulnerabilities were found in the process of OAuth authentication and the connection between the AI platform and external services. The researchers also found that some plugins only verified the domain and not the path in the redirect_uri, leaving them vulnerable to attacks. OpenAI has since introduced GPTs, a new feature with enhanced security protocols, to address these concerns. However, Salt Labs hints that GPTs may not completely solve the problem and plans to explore this in a future article.
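
The domain-only redirect_uri check described above, next to an exact-match check, as an added example that is not code from Salt Labs, OpenAI or any plugin. The host names, paths and function names are constructed for illustration; exact string matching is the comparison recommended by the OAuth 2.0 Security Best Current Practice (RFC 9700).

```python
from urllib.parse import urlsplit

# Constructed sample: the single callback a hypothetical plugin registered.
REGISTERED_REDIRECT_URIS = {"https://plugin.example/oauth/callback"}


def domain_only_check(redirect_uri: str) -> bool:
    """Weak check: compares only the host and ignores path and query."""
    allowed_hosts = {urlsplit(u).hostname for u in REGISTERED_REDIRECT_URIS}
    return urlsplit(redirect_uri).hostname in allowed_hosts


def exact_match_check(redirect_uri: str) -> bool:
    """Strict check: the full URI string must equal a registered value."""
    return redirect_uri in REGISTERED_REDIRECT_URIS


def audit(candidates):
    """Return the URIs the weak check accepts but the strict check rejects."""
    return [u for u in candidates
            if domain_only_check(u) and not exact_match_check(u)]


# Constructed test inputs covering same-host variations and a foreign host.
CANDIDATES = [
    "https://plugin.example/oauth/callback",           # the registered value
    "https://plugin.example/other/page",               # same host, other path
    "https://plugin.example/oauth/callback/../../x",   # same host, dot segments
    "https://plugin.example/oauth/callback?next=x",    # same host, extra query
    "https://other.example/oauth/callback",            # different host
]

if __name__ == "__main__":
    for uri in CANDIDATES:
        print(f"{uri!s:50} weak={domain_only_check(uri)} "
              f"strict={exact_match_check(uri)}")
    print("accepted only by the weak check:", audit(CANDIDATES))
```

Running `audit` over an authorization server's own test set is a quick way to confirm that only registered callbacks pass.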

Key takeaways:

  • Salt Labs researchers identified vulnerabilities in generative AI ecosystems, specifically in the ChatGPT ecosystem, which could have allowed unauthorized access to user accounts and GitHub repositories.
  • The researchers found three types of vulnerabilities: one directly in ChatGPT that allowed attackers to install malicious plugins on ChatGPT users' accounts, a 0-click account takeover on multiple plugins, and OAuth redirection manipulation.
  • These vulnerabilities could have serious implications, potentially allowing attackers to access sensitive data, private GitHub repositories, and even take control of an organization's account on third-party websites.
  • While the vulnerabilities have been addressed and fixed by the respective companies, Salt Labs emphasizes the need for developers to be more aware of potential security risks and for companies like OpenAI to put more emphasis on security in their documentation for developers.