A new feature from OpenAI enables ChatGPT to « remember » conversations. However, this advancement brings significant concerns. Johann Rehberger, a security researcher, has recently revealed a major flaw in this capability.
Serious Security Flaw in ChatGPT’s Memory Feature
This vulnerability, which has been present since September, allows hackers to inject fabricated memories into ChatGPT’s memory system. The question remains: how did Rehberger uncover this loophole, and why hasn’t OpenAI taken swift action?
In February, OpenAI introduced a feature designed to help ChatGPT retain previous interactions, aiming to create a more seamless conversational experience. However, Rehberger quickly identified a weakness in this system. In May, he documented an experiment on his blog, illustrating how he tricked the AI into believing that he was 100 years old and living in a simulated reality. He accomplished this simply by utilizing a Microsoft Word document filled with fictitious memories.
OpenAI’s Response to the Vulnerability
Upon discovering this vulnerability, Rehberger promptly notified OpenAI. Yet, the company’s response fell short of expectations. They dismissed his report as just a « model issue, » which frustrated Rehberger, who anticipated a more robust action. Such vulnerabilities pose substantial risks to user security.
In light of OpenAI’s insufficient response, Rehberger decided to delve deeper into the issue. He conducted a demonstration to emphasize the severity of the flaw. Not only did he inject false memories, but he also managed to exfiltrate data to an external server. This proof of concept finally caught OpenAI’s attention. Subsequently, they released a patch to prevent data exfiltration, although the underlying memory issue remains unresolved.
Continuing Risks Despite the Patch
Despite the recent patch, Rehberger has noted that the risk persists. Even after the update, unreliable websites or documents can still exploit ChatGPT’s memory. He pointed out that only the data exfiltration aspect has been addressed, while the feature that allows for the injection of memories continues to be vulnerable. In a recent blog post, he emphasized the urgent need for OpenAI to tackle this ongoing problem.
OpenAI has finally responded to Rehberger’s demonstration, but there is still considerable progress to be made. The persistent memory flaw has not been fully resolved. Rehberger shared a video documenting his methods of injecting memories into the AI’s memory, raising alarms as these fabricated memories continue to be retrieved in subsequent conversations.
The Urgent Need for Action from OpenAI
This raises a critical question: will OpenAI act quickly to rectify this vulnerability? Rehberger and other security experts are questioning the delay in OpenAI’s reaction. Meanwhile, this flaw remains a concern, posing potential risks to users. It is essential that the company takes further measures to ensure user safety and prevent any malicious manipulation.
Our blog thrives on reader support. When you make purchases through links on our site, we may earn an affiliate commission.
As a young independent media, Web Search News aneeds your help. Please support us by following us and bookmarking us on Google News. Thank you for your support!