The research, conducted by The Guardian, tested the AI chatbot’s response to a query about summarising the web pages containing hidden content.
During the testing, it was found that the hidden content could contain instructions from third parties which can alter its responses. This is also called ‘prompt injection’. Also, it may contain content that has been specifically designed to influence the response of the AI chatbot.
It must be noted that ChatGPT has been made available to paying customers, while OpenAI has urged users to consider making it their default search tool.
What probe suggests
Through its research, The Guardian noted that techniques, like prompt injection, can be used maliciously by some people. Giving an example, it stated that this can cause ChatGPT to provide a positive assessment of some product, which otherwise has negative reviews on the same page.
“A security researcher has also found that ChatGPT can return malicious code from websites it searches,” read the report.
Key takeaways
During the research, the ChatGPT was provided with a fake website’s URL specifically designed to look like a product page for a camera. After being asked whether to buy the camera or not, the AI chatbot in reply gave a “positive but balanced assessment, highlighting some features people might not like,” the report noted.
The response, however, came out only positive when hidden text included instructions to it to return a favourable review. This was noted even when the page had negative reviews for the product, highlighting how hidden text might get used to “override the actual review score.”
If the ChatGPT search system is released fully in its current state, there is ‘high risk’ of people coming up with websites that are specifically aimed towards deceiving users, said Jacob Larsen, a cybersecurity researcher at CyberCX.
Larsen added, “This search functionality has come out (recently) and it’s only available to premium users… “They’ve got a very strong (AI security) team there, and by the time that this has become public, in terms of all users can access it, they will have rigorously tested these kinds of cases”.
(Edited by : Sudarsanan Mani)
