GPT Attack: Stealing Company Data with Code Interpreter #shorts

BSides Frankfurt · 1:11 · 166 views · Published 2026-03
About this talk
Exploiting GPT capabilities like file uploads, web browsing, and code interpreters to access sensitive company data. Understand the risks and protect your assets. #Cybersecurity #GPTAttacks #DataSecurity #AI
Transcript

The other thing is actions. Also an interesting thing, we just saw this: the API calls. You can upload files; if I'm, as an attacker, able to extract files, it's also nice for me. And it has capabilities like web browsing, code interpreter and whatnot. So that's also interesting, but it's probably for an attacker not that interesting, because all the capabilities that are here, or nearly all of them, uh, image generation and the code interpreter, are stuff that you will be attacking OpenAI with. And usually what the scenario that we have is that your GPT is doing something for your company and you would like, the attacker would like, to get a hold of that data, that information, right?

So we're not talking about attacking OpenAI here. We're just having the focus on attacking your company assets, or the assets that you put into the GPTs or the assistants, and what's coming out of this, right? Uh, assistants, it's pretty much the same. They're pretty, uh, pretty much the same. You also have a purpose with instructions and then you have tools. I don't know if they're called like this anymore. They just switch wording here every time. But it's basically you can have functions, code interpreter and auto retriever.