This is the first post I’ve seen on here about ChatGPT plugins. I’m trying to wrap my head around the implications and would like to see more discussion about it.
We demonstrate potentially brutal consequences of giving LLMs like ChatGPT interfaces to other applications. We propose newly enabled attack vectors and techniques and provide demonstrations of each in this repository:
Remote control of chat LLMs
Leaking/exfiltrating user data
Persistent compromise across sessions
Spread injections to other LLMs
Compromising LLMs with tiny multi-stage payloads
Automated Social Engineering
Targeting code completion engines
Based on our findings:
Prompt injections can be as powerful as arbitrary code execution
Indirect prompt injections are a new, much more powerful way of delivering injections.
This is the first post I’ve seen on here about ChatGPT plugins. I’m trying to wrap my head around the implications and would like to see more discussion about it.
Maybe it’s a way for OpenAI to build a moat?
New post from Zvi on ChatGPT Plugins: https://www.lesswrong.com/posts/DcfPmgBk63cajiiqs/gpt-4-plugs-in
The repo https://github.com/greshake/llm-security proposes that there are big security issues with LLMs having a plugins API: