
Look at the GPTs, the app store stuff. You basically have two things that are pretty interesting, and the first is the purpose. You give this thing instructions in natural language, and those instructions usually tell it what to do. So to understand how to attack such a thing, you would want to know what it is actually doing. The other thing is the limitations that you're giving, right? You're saying: don't do those things, do those things instead. And if, as an attacker, you know these things, that's pretty good information on how you can proceed and what you can extract. Actions are also an interesting thing; we just saw this with the API calls. You can upload files, and if, as an attacker, I'm able to extract files, that's also nice for me. And it has capabilities like web browsing, code interpreter and whatnot. That's also interesting, but for an attacker it's probably not that interesting, because nearly all of the capabilities that are here, image generation and the code interpreter, are things you would be attacking OpenAI with. Usually the scenario we have is that your GPT is doing something for your company, and the attacker would like to get hold of that data, that information, right? So we're not talking about attacking OpenAI here; we're just focusing on attacking your company's assets, or the assets that you put into the GPTs or the Assistants, and what's coming out of this.

Assistants: it's pretty much the same. You also have a purpose with instructions, and then you have tools. I don't know if they're still called that; they switch the wording here every time, but basically you can have functions, code interpreter and retrieval. Functions are a bit different, and I would like to dive into this for just a second so you understand what those things are doing. Functions are basically a way to tell the assistant: I have this function, it's called "weather data", for example, and what you're going to do with it is parameterize this function for me and then send it back to me, so I can use it in my back end. So interfering with those functions is not giving you code execution or something like that. It's called a function, but it's actually just parameterized JSON that comes back, which you take into your application and then act on, right?
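As an added example, not part of the talk and not OpenAI's own code, here is the back-end side of the function-calling flow described above, in Python. The model returns a tool call whose `arguments` field is a JSON string; the back end parses that JSON and calls a local function with it. Because the model can be steered by injected instructions in uploaded files or retrieved pages, that JSON is attacker-influenced input and is validated against the tool schema before anything is dispatched. The tool name `get_weather_data`, the in-memory `WEATHER_DB`, and the three model responses are all constructed for the example.

```python
"""Back-end handling of an OpenAI-style function call, treating the returned JSON as untrusted.
Added example; the tool name, data and model responses are constructed, not real API output."""
import json

# Tool definition in the shape the Assistants / Chat Completions API accepts (assumed schema).
WEATHER_TOOL = {
    "type": "function",
    "function": {
        "name": "get_weather_data",
        "description": "Return current weather for a city",
        "parameters": {
            "type": "object",
            "properties": {
                "city": {"type": "string", "maxLength": 64},
                "unit": {"type": "string", "enum": ["celsius", "fahrenheit"]},
            },
            "required": ["city"],
            "additionalProperties": False,
        },
    },
}

# Constructed offline stand-in for whatever the back end really does with the parameters.
WEATHER_DB = {"Berlin": 10.0, "Tokyo": 20.0}


def get_weather_data(city: str, unit: str = "celsius") -> dict:
    temp_c = WEATHER_DB.get(city)
    if temp_c is None:
        return {"city": city, "error": "unknown city"}
    temp = temp_c if unit == "celsius" else temp_c * 9 / 5 + 32
    return {"city": city, "unit": unit, "temperature": temp}


# Allowlist: only functions registered here may ever be dispatched, whatever name the model emits.
REGISTRY = {"get_weather_data": (WEATHER_TOOL, get_weather_data)}


class ToolCallRejected(ValueError):
    pass


def validate_args(schema: dict, args: dict) -> dict:
    """Minimal JSON-schema-style check: required keys, no extras, types, lengths, enums."""
    props = schema["properties"]
    for key in schema.get("required", []):
        if key not in args:
            raise ToolCallRejected(f"missing required parameter {key!r}")
    if not schema.get("additionalProperties", True):
        extra = set(args) - set(props)
        if extra:
            raise ToolCallRejected(f"unexpected parameters {sorted(extra)}")
    for key, value in args.items():
        spec = props.get(key)
        if spec is None:
            continue
        if spec["type"] == "string" and not isinstance(value, str):
            raise ToolCallRejected(f"{key!r} must be a string")
        if "maxLength" in spec and len(value) > spec["maxLength"]:
            raise ToolCallRejected(f"{key!r} exceeds maxLength {spec['maxLength']}")
        if "enum" in spec and value not in spec["enum"]:
            raise ToolCallRejected(f"{key!r} not in {spec['enum']}")
    return args


def dispatch_tool_call(tool_call: dict) -> dict:
    """Handle one entry of the model's tool_calls list: parse, validate, then call the local function."""
    name = tool_call["function"]["name"]
    if name not in REGISTRY:
        raise ToolCallRejected(f"unknown function {name!r}")
    tool, impl = REGISTRY[name]
    try:
        args = json.loads(tool_call["function"]["arguments"])  # arguments arrive as a JSON string
    except json.JSONDecodeError as exc:
        raise ToolCallRejected(f"arguments are not valid JSON: {exc}") from exc
    if not isinstance(args, dict):
        raise ToolCallRejected("arguments must be a JSON object")
    return impl(**validate_args(tool["function"]["parameters"], args))


# Constructed model outputs: one benign, two shaped by injected instructions.
BENIGN_CALL = {"id": "call_1", "type": "function", "function": {
    "name": "get_weather_data", "arguments": json.dumps({"city": "Berlin", "unit": "fahrenheit"})}}
# The model was talked into requesting a function it was never given.
UNKNOWN_FUNC_CALL = {"id": "call_2", "type": "function", "function": {
    "name": "dump_customer_table", "arguments": "{}"}}
# Right function, but a smuggled parameter the schema does not allow.
EXTRA_PARAM_CALL = {"id": "call_3", "type": "function", "function": {
    "name": "get_weather_data",
    "arguments": json.dumps({"city": "Berlin", "debug_sql": "SELECT * FROM users"})}}


def run_demo() -> list:
    results = []
    for call in (BENIGN_CALL, UNKNOWN_FUNC_CALL, EXTRA_PARAM_CALL):
        try:
            results.append(("ok", dispatch_tool_call(call)))
        except ToolCallRejected as exc:
            results.append(("rejected", str(exc)))
    return results


if __name__ == "__main__":
    for status, detail in run_demo():
        print(status, detail)
```

The point the talk makes is visible in `dispatch_tool_call`: the model never executes anything, it only names a function and fills in parameters, so the damage an attacker can do is bounded by what the back end is willing to call with model-chosen arguments. The allowlist and schema check are what keep that bound tight.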