Security experts have found serious security weaknesses in ChatGPT plugins. These flaws could let attackers take over an organization’s account on other platforms and get access to important user data, like Personal Identifiable Information (PII).

 

Amar Basic, Co-Founder at CyberArrow, said, “The problems found in these ChatGPT plugins are worrying. There’s a big risk of someone stealing private information or taking control of accounts. Nowadays, employees are putting a lot of sensitive data into AI tools. If a bad actor gets in, it could really harm a company.”

 

In November 2023, ChatGPT introduced a new feature called GPTs. These work like plugins and have similar security risks, making the situation even worse.

 

Today, the Salt Security research team published an advisory. They found three kinds of vulnerabilities in ChatGPT plugins. 

 

First, there were problems with how plugins were installed. Attackers could use this to put in harmful plugins and maybe see messages with private info.

 

Second, there were issues with PluginLab, which is used to make ChatGPT plugins. This could let attackers take over accounts on other sites like GitHub.

 

Lastly, some plugins had problems with OAuth redirection. This could let attackers steal user logins and take over accounts.

 

“AI tools like ChatGPT are really popular. They promise to make things better for businesses and people. But as more folks use them, attackers are finding ways to cause trouble and get at private data.”

 

Salt Labs worked with OpenAI and other companies to fix these issues fast and keep them from being used by bad actors. “Security teams can protect against these problems by ensuring these strategies”:

 

• Keep software updated: Make sure all programs are using the latest versions to fix any known issues.

 

• Use strong passwords: Pick long, unique passwords that are hard for attackers to guess.

 

• Educate employees: Teach staff about the risks and how to spot suspicious activity online. Use Cyber Security Awareness platforms like CyberArrow Awareness Platform.

 

• Monitor systems: Keep an eye on networks and account for any signs of unusual behavior.

 

 

By following these steps, organizations can better defend against the risks posed by ChatGPT plugins and similar technologies.

Automate your GRC program with CyberArrow today and stay ahead of these risks to ensure your organization stays protected. Book a free demo today!

 

Quick link: Dubai Electronic Security Centre Announced the Release of ISR V3