{"id":5348,"date":"2025-08-07T03:03:27","date_gmt":"2025-08-07T03:03:27","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=5348"},"modified":"2025-08-07T03:03:28","modified_gmt":"2025-08-07T03:03:28","slug":"a-single-poisoned-doc-may-leak-secret-information-through-chatgpt","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=5348","title":{"rendered":"A Single Poisoned Doc May Leak \u2018Secret\u2019 Information Through ChatGPT"},"content":{"rendered":"<div>\n<p><span class=\"lead-in-text-callout\">The latest generative<\/span> AI models are not just stand-alone <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wired.com\/story\/openai-chatgpt-agent-launch\/\">text-generating chatbots<\/a>. Instead, they can easily be hooked up to your data to provide personalized answers to your questions. OpenAI\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/help.openai.com\/en\/articles\/11487775-connectors-in-chatgpt\">ChatGPT can be linked<\/a> to your Gmail inbox, allowed to inspect your GitHub code, or find appointments in your Microsoft calendar. But these connections have the potential to be abused, and researchers have shown it can take just a single \u201cpoisoned\u201d document to do so.<\/p>\n<p class=\"paywall\">New findings from security researchers Michael Bargury and Tamir Ishay Sharbat, revealed at the Black Hat hacker conference in Las Vegas today, show how a weakness in OpenAI\u2019s Connectors allowed sensitive information to be extracted from a Google Drive account using an <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wired.com\/story\/generative-ai-prompt-injection-hacking\/\">indirect prompt injection attack<\/a>. In a demonstration of the attack, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/labs.zenity.io\/p\/agentflayer-chatgpt-connectors-0click-attack-5b41?\">dubbed AgentFlayer<\/a>, Bargury shows how it was possible to extract developer secrets, in the form of API keys, that were stored in a demonstration Drive account.<\/p>\n<p class=\"paywall\">The vulnerability highlights how connecting AI models to external systems and sharing more data across them increases the potential attack surface for malicious hackers and potentially multiplies the ways in which vulnerabilities may be introduced.<\/p>\n<p class=\"paywall\">\u201cThere is nothing the user needs to do to be compromised, and there is nothing the user needs to do for the data to go out,\u201d Bargury, the CTO at security firm Zenity, tells WIRED. \u201cWe\u2019ve shown this is completely zero-click; we just need your email, we share the document with you, and that\u2019s it. So yes, this is very, very bad,\u201d Bargury says.<\/p>\n<p class=\"paywall\">OpenAI did not immediately respond to WIRED\u2019s request for comment about the vulnerability in Connectors. The company introduced Connectors for ChatGPT as a beta feature earlier this year, and its <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/help.openai.com\/en\/articles\/11487775-connectors-in-chatgpt\">website lists<\/a> at least 17 different services that can be linked up with its accounts. It says the system allows you to \u201cbring your tools and data into ChatGPT\u201d and \u201csearch files, pull live data, and reference content right in the chat.\u201d<\/p>\n<p class=\"paywall\">Bargury says he reported the findings to OpenAI earlier this year and that the company quickly introduced mitigations to prevent the technique he used to extract data via Connectors. The way the attack works means only a limited amount of data could be extracted at once; full documents could not be removed as part of the attack.<\/p>\n<p class=\"paywall\">\u201cWhile this issue isn\u2019t specific to Google, it illustrates why developing robust protections against prompt injection attacks is important,\u201d says Andy Wen, senior director of security product management at Google Workspace, pointing to the company\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/security.googleblog.com\/2025\/06\/mitigating-prompt-injection-attacks.html\">recently enhanced AI security measures<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The latest generative AI models are not just stand-alone text-generating chatbots. Instead, they can easily be hooked up to your data to provide personalized answers to your questions. OpenAI\u2019s ChatGPT can be linked to your Gmail inbox, allowed to inspect your GitHub code, or find appointments in your Microsoft calendar. But these connections [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5350,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54],"tags":[1175,157,4534,1054,4533,4054,4339],"class_list":["post-5348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-news","tag-chatgpt","tag-data","tag-document","tag-leak","tag-poisoned","tag-secret","tag-single"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/5348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5348"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/5348\/revisions"}],"predecessor-version":[{"id":5349,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/5348\/revisions\/5349"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/5350"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}