all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ChatGPT: Lack of Isolation between Code Interpreter sessions of GPTs

Add to bookmarks
e
Feb. 14, 2024, 11:30 a.m. |

Embrace The Red embracethered.com

This is an older bug, but it has been over 90 days that this vulnerability was reported to OpenAI. To adhere to industry norms of responsible disclosure this post describes a security vulnerability in ChatGPT regarding the lack of isolation of GPTs when it comes to Code Interpreter sessions. At the bottom are also mitigation steps users and builders of GPTs can take.
Lack of Isolation with GPTs and Code Interpreter Your Code Interpreter sandbox, also known as Advanced Data …

bug chatgpt code disclosure gpts industry interpreter isolation openai responsible responsible disclosure security security vulnerability sessions vulnerability

Visit resource

More from embracethered.com / Embrace The Red

Em
Bobby Tables but with LLM Apps - Google NotebookML Data Exfiltration 1 week, 6 days ago | embracethered.com
apps can chat control +19
Em
HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch 2 weeks ago | embracethered.com
center class conference dave +14
Em
Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix 2 weeks, 6 days ago | embracethered.com
data data exfiltration discipline easier +14
Em
The dangers of AI agents unfurling hyperlinks and what to do about it 3 weeks, 4 days ago | embracethered.com
agents ai agents ai chatbots attackers +11
Em
ASCII Smuggler - Improvements 1 month, 3 weeks ago | embracethered.com
ascii decode decoding end +11
Em
Who Am I? Conditional Prompt Injection Attacks with Microsoft Copilot 1 month, 3 weeks ago | embracethered.com
applications attackers attacks building +23
Em
Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation 2 months ago | embracethered.com
attacker automatic bard called +11
Em
ChatGPT: Lack of Isolation between Code Interpreter sessions of GPTs 2 months, 2 weeks ago | embracethered.com
bug chatgpt code disclosure +11
Em
Video: ASCII Smuggling and Hidden Prompt Instructions 2 months, 2 weeks ago | embracethered.com
ascii beyond block call +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Lead Technical Product Manager - Threat Protection

@ Mastercard | Remote - United Kingdom
View on infosec-jobs.com

Data Privacy Officer

@ Banco Popular | San Juan, PR
View on infosec-jobs.com

GRC Security Program Manager

@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Warrington, United Kingdom
View on infosec-jobs.com

Privacy Engineer, Technical Audit

@ Meta | Menlo Park, CA
View on infosec-jobs.com
View more jobs