How secure is ChatGPT?
Interwoven into our lives as we know them, Artificial Intelligence (AI) and large language models (LLMs) like ChatGPT appear more and more on our screens and in our homes. Since its release, the chatbot's popularity has grown exponentially and continues to reach new heights as the software develops. So it's natural to ask: is ChatGPT safe? Is it secure? How is it handling my data?
We at Cybernews Academy spoke to the public and Mantas Sasnauskas, Head of Security Research at Cybernews.com, to help you understand how secure these large language models really are.
Is ChatGPT safe?
When we started our research of ChatGPT and other large language models, the question surrounding ChatGPT and safety naturally arose. We examined OpenAI’s 'approach to AI safety' to analyze what OpenAI is saying regarding security.
OpenAI claims that before they release any new applications, the software must undergo rigorous testing to ensure its stability. The company gave an example of its most current testing methods by stating that once the latest model of ChatGPT-4 was finished, they spent six months refining and tweaking the program to ensure maximum efficiency. OpenAI believes that new forms of artificial intelligence should be subject to intense safety evaluations. So they have even reported liaising with local governments on the best avenue to take when regulating the program.
This sounds great, but how accurate is this information? We spoke with Mantas Sasnauskas, Head of Security Research at Cybernews.com, to discuss the ins and outs of ChatGPT. He said, "ChatGPT is a large language model trying to imitate intelligence, but it's bound to do only what you feed it." This means that ChatGPT only continues to work with input from the public, as it can't make the content itself. The LLM needs others' information to learn and function. The program wouldn't work appropriately if we weren't feeding ChatGPT information. Here lies the issue of data security and privacy. If ChatGPT is using our data to strengthen the model, does it protect the data we input? Is it still vulnerable to attacks? Is OpenAI thinking of my privacy?
OpenAI wants its models to gain knowledge of the wider world, not individuals. The company claims to “remove personal information from the training dataset where feasible, fine-tune models to reject requests for personal information of private individuals, and respond to requests from individuals to delete their personal information from our systems.” However, Mantas claims all information is used in ChatGPT’s learning process. It's unlikely that ChatGPT will remove inputted data from its neural networks, and once your data is online, it's very difficult to wipe. However, ChatGPT now has a data privacy toggle where you can turn off your chat history and opt out of training the language model. OpenAI said, "We've introduced the ability to turn off chat history in ChatGPT. Conversations started when chat history is disabled won’t be used to train and improve our models and won’t appear in the history sidebar.” This safety feature won’t go unnoticed, but what else is OpenAI doing to ensure our safety?
Although OpenAI tries its hardest to prevent problems, the company can’t predict the future. So, they believe that learning from the “real world” use is a vital component in safeguarding the software. Their approach to releasing new artificial intelligence models is gradual. They open their software to a small pool of people and learn from the data received. This is excellent, but what safeguards do they use to protect us while using ChatGPT?
Mantas told Cybernews Academy about one of the safeguarding tools used by OpenAI: censorship. The amount of disallowed content banned by OpenAI is extensive. The company has prohibited the following topics from being openly discussed in conversations with ChatGPT:
- Illegal activity
- Child sexual abuse material or any other content that pertains to the exploitation of children
- Generation of hateful, violent, or harassing content
- Generation of malware
- Activity that has a high risk of physical harm
- Activity that has an increased risk of economic harm
- Fraudulent or deceptive activity
- Adult content
- Political campaigning or lobbying
- Activity that violates people's privacy
- Engaging in the unauthorized practice of law or offering tailored legal advice without a qualified person reviewing the information
- Offering tailored financial advice without a qualified person reviewing the information
- Telling someone that they have or do not have a specific health condition or providing instructions on how to cure or treat a health condition
- High-risk government decision-making
However, does this make ChatGPT safe? In theory, yes. In practice, Mantas Sasnauskas states that OpenAI cannot really censor everything. Yes, it might be less likely to respond to outright requests to produce harassing or malicious content. However, people are creative. Mantas told Cybernews Academy a story of an injection attacker who obtained Microsoft serial keys using emojis. The person "used Emojis because Emojis have Unicodes, which are small code snippets. So instead of using the whole word, they use Unicodes or Emojis to replace parts of the word. ChatGPT doesn't understand that this is the whole word, but when it processes it, the system transforms this code into words, and that bypasses censorship." So, you can sneakily get around ChatGPT's filters if you know what you're doing. However, it is never advised, as this activity is illegal. This is just one of the ways that someone could threaten the system and access your data. There are many other ways people can cheat ChatGPT out of valuable information or even poison the system for personal gain.
ChatGPT seems like a safe tool to use. But be warned, the software is not immune to exposure by hackers or nasty viruses.
A bug in the system
On the 22nd of March 2023, Sam Altman, CEO of OpenAI, made a statement via Twitter regarding a "bug in an open-source library that allowed some users to see titles from another active user's chat history." OpenAI released a statement via their website that elaborated on the issue: "It's also possible that the first message of a newly-created conversation was visible in someone else's chat history if both users were active around the same time." OpenAI's CEO stated, "A small percentage of users could see the titles of other users' conversations." The website says that "upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the active ChatGPT Plus subscribers during a specific nine-hour window." OpenAI released more details surrounding the kind of data that may have been visible during the incident. The company stated that "some users could see another active user's first and last name, email address, payment address, credit card type and the last four digits (only) of a credit card number, and credit card expiration date." ChatGPT, like any other software, isn't immune to bugs or attackers, so we aren't surprised that an event like this transpired. Despite this, OpenAI states that it's still "committed to keeping powerful AI safe and broadly beneficial."
Prompt injection attack
Mantas told Cybernews Academy that one of the critical safety concerns surrounding ChatGPT is attacks by outside forces. One attack he named is called a 'prompt injection attack.' "This is where you use your knowledge of that and systems, AI systems, or the backend system." This is usually the "thing you don't see" when logging into ChatGPT. It's the "program code running the system." Once a person has this knowledge, they can manipulate the user's prompt and make it do something "unintended." This could be creating dangerous code, bypassing content filters, and potentially leaking personal data. You would need extensive knowledge of the system to conduct an attack like this; however, it's not impossible. That's why it's essential not to input personal data like passwords, credit card details, or other personal information, as someone could access this.
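As an added example in the spirit of that advice (not code from the article or from OpenAI): a small pre-submission filter that masks e-mail addresses and Luhn-valid card numbers in a prompt before it is handed to any chatbot, so the chat log never holds them in the first place. The sample prompt, the regular expressions and the function names are constructed for illustration.

```python
import re

# Constructed sample prompt: a support ticket pasted into a chatbot as-is.
SAMPLE_PROMPT = (
    "Summarise this ticket: customer Jane Doe (jane.doe@example.com) says her card "
    "4111 1111 1111 1111 was charged twice; password reset token was abc123."
)

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13 to 19 digits, optionally separated by spaces or dashes; confirmed with Luhn below
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order numbers that merely look like cards are left alone."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(text: str) -> tuple:
    """Return (masked prompt, counts of what was masked)."""
    counts = {"email": 0, "card": 0}

    def mask_card(m):
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)    # not a card number: keep the original text
        counts["card"] += 1
        return "[CARD ****" + digits[-4:] + "]"   # keep only the last four digits

    def mask_email(m):
        counts["email"] += 1
        return "[EMAIL]"

    text = CARD_RE.sub(mask_card, text)
    text = EMAIL_RE.sub(mask_email, text)
    return text, counts


if __name__ == "__main__":
    masked, found = redact(SAMPLE_PROMPT)
    print(found)
    print(masked)
```

The password reset token in the sample is deliberately not caught: secrets with no fixed shape need a different control, which is exactly why the safest option is to keep them out of the prompt altogether.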
Another interesting yet concerning attack is something called a 'training attack.' "The purpose of this attack is to poison the data in the language model." Mantas gave an example of a training attack. He said, "If someone wants to harm their competitors, they will start feeding a lot of data that this competitor is awful." Then a person would have to feed the program a substantial amount of negative information regarding that competitor. From there, if anyone asks a question about that competitor, they may receive biased and hostile information surrounding that company. So, it's possible to manipulate the program and force it to spew out inaccurate and inappropriate information. When asked if anyone could commit a training attack, Mantas said, "Yes, anybody could do that." However, Mantas noted that a significant amount of data would be needed to poison ChatGPT.
Dangers and your data
So, what are some of the dangers surrounding data storage? We asked students, academics, and ChatGPT users how they feel about how their data is handled. Meet our panel.
- Dr. Antony Aumann, Professor of Philosophy, Northern Michigan University, US
- Prof. Mitali Halder, Assistant Lecturer of Computer Science, Coventry University Wrocław, Poland
- Ayman Ali, Computer Science Student, Loughborough University, UK
- Simona Mohammad, Natural Sciences Student, Loughborough University, UK
- David Ngei Omurwa, Cybersecurity Student, Coventry University Wrocław, Poland
- Krists Sturmanis, Civil Engineering Student, HZ University of Applied Sciences, Netherlands
We begin with Ayman Ali, who said, "I don't care how ChatGPT stores my data because I am a student, and I'm not very important right now." Similarly, Simona Mohammad commented that she didn't really care about how her data was handled. She said, "I'm not famous. They can take whatever they want." However, Mantas raised a crucial point: it's not about one individual's data but about how each individual contributes to the broader population, as this mass of data could potentially be used for nefarious purposes.
When asked how he felt about how data is handled, Krists Sturmanis said, "It really depends on who is managing this data. We all saw what happened with Facebook a couple of years ago when their data leaked. If that happens, lots of incriminating information, searches, and questions could go out in the public eye." However, Krists proposed a potential solution to this problem. He said, "If authorities could manage ChatGPT, maybe they could prevent some harm." We asked Mantas whether or not this software is regulated, and he stated, "It's not regulated at all." ChatGPT is so new that many organizations are unsure how to approach it.
Despite its unique qualities, the software is no different from other computer systems. David expressed, "Just like any other computer system, there are vulnerabilities and flaws still unknown to us." Professor Mitali Halder commented on this. She said, "In the terms and conditions, we consent to OpenAI using whatever you communicate in ChatGPT. We know that it is going to be used for their research purposes. Now it is on you what you're sharing. So that's why we must be mindful." Professor Halder said that giving ChatGPT consent is no different from consenting to cookies. She said, "When browsing any site, you will see the option to accept cookies. If you click accept, you consent to that site using your data. So the threat is always there." Dr. Antony Aumann shared a similar idea surrounding the topic of data. He said, "I guess I'm of the mindset that when I'm online, everything I'm doing will be stolen at some point, or everybody already knows about it. So I don't put anything up there that I don't believe will be taken at some point."
Despite its infancy, Mantas Sasnauskas and many others believe that ChatGPT and other AI language models, "if used correctly and regulated, might advance our civilization." Artificial intelligence is not only the key to revolutionizing our work and personal lives; it might be the key to unlocking the next stage of civil advancement. Artificial intelligence and artificial general intelligence are new concepts that are slowly being realized daily alongside ChatGPT, which is also very new. However, we must constantly be on the lookout for cyber threats. David Ngei Omurwa gave an excellent tip for using the software securely. He said, "I try to distance my conversations with it from my personal and work life. So I try to anonymize myself every time I speak to it." An air of anonymity should act as an extra layer of protection, but make sure you are careful about what you put online. Mantas suggests regularly managing your cyber hygiene using password managers and multi-factor authentication. It would be best to refrain from posting personal information like phone numbers, addresses, and other private information online. Mantas urged us to remember this phrase: "Click it, get hit." This refers to phishing attacks and other scams that require just a click, and then you're hit with a world of viruses, scams, and cyber threats. We at Cybernews Academy suggest you be careful when clicking on unfamiliar email links and ensure the websites you frequent are reliable. It's important to remember that nothing is impenetrable, so we must protect ourselves and our privacy online. Is ChatGPT safe? Well, I guess we'll have to wait to find out.