
The Cybersecurity Lair™ • March 13, 2024

Latest News | Critical Flaws in ChatGPT Plugins Expose Third-Party Data: Salt Security Report

In a recent article, Salt Security Inc. reports that it has identified critical security flaws in ChatGPT plugins, posing risks of unauthorised access to third-party accounts and sensitive user data.


Salt Security Inc. released a report detailing critical security flaws within ChatGPT plugins.

These plugins extend ChatGPT's capabilities to interact with external services, but they also introduce new risks.


Three vulnerabilities were identified:


  1. Exploiting the plugin installation process to automatically install malicious plugins.
  2. Improper authentication in PluginLab, enabling account takeover.
  3. OAuth redirection manipulation, leading to credential theft.


The vulnerabilities were disclosed to OpenAI and vendors, and remedies were quickly implemented.

Experts highlight the importance of addressing security risks associated with third-party applications.


Key points:


  • ChatGPT plugins extend AI capabilities but introduce security risks.
  • Vulnerabilities include malicious plugin installation, improper authentication, and OAuth redirection manipulation.
  • Prompt disclosure and remediation of vulnerabilities occurred.
  • Experts emphasise the need for security evaluation and employee training when implementing AI solutions.


Recommendations to avoid the threat:


Regularly update ChatGPT plugins to patch vulnerabilities.

Implement strong authentication measures in PluginLab to prevent unauthorised access.

Educate users about phishing tactics to mitigate the risk of OAuth redirection manipulation.


Source and further reading.


Salt Security identifies critical flaws in ChatGPT plugins that risk third-party data breaches. (2024, March 13). SiliconANGLE. https://siliconangle.com/2024/03/13/salt-security-identifies-critical-flaws-chatgpt-plugins-risk-third-party-data-breaches/


Mascellino, A. (2024, March 13). New research exposes security risks in ChatGPT plugins. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/security-risks-chatgpt-plugins/
