Security Vulnerabilities in ChatGPT's Generative AI Ecosystem

Salt Labs research finds security flaws within ChatGPT Ecosystem (Remediated) 🔗

Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.

The text discusses security vulnerabilities found within the ChatGPT ecosystem, particularly in its generative AI plugins, which could have allowed unauthorized access to user accounts and sensitive data. The researchers identified flaws in the OAuth authentication process used by ChatGPT plugins, enabling attackers to install malicious plugins and perform account takeovers without user approval. The vulnerabilities affected various plugins developed with PluginLab.AI and Kesem.ai, prompting the researchers to advocate for improved security measures and documentation by OpenAI. The company has since introduced GPTs as a more secure version of plugins, addressing many of the highlighted concerns. The affected plugin developers swiftly responded to the disclosed vulnerabilities, reinforcing the importance of prompt action in addressing security risks.

Salt Labs researchers found security flaws in ChatGPT's generative AI ecosystem, including vulnerabilities in OAuth authentication used by plugins.
The vulnerabilities allowed for the installation of malicious plugins and account takeovers without user consent.
The issues affected plugins developed with PluginLab.AI and Kesem.ai, prompting a call for improved security measures and documentation by OpenAI.
OpenAI introduced GPTs as a more secure alternative to plugins, addressing many of the highlighted concerns.
The affected plugin developers promptly addressed the disclosed vulnerabilities, emphasizing the importance of swift action in mitigating security risks.