Enabling a persistent backdoor
ChatGPT makes use of a Reminiscence function to recollect essential details about the consumer and their previous conversations. This may be triggered by the consumer when the chatbot is requested to recollect one thing, or robotically when ChatGPT determines that sure data is essential sufficient to save lots of for later.
To restrict potential abuse, and malicious directions being saved in reminiscence, the function is disabled for chats the place Connectors are in use. Nonetheless, the researchers discovered that ChatGPT can learn, create, modify, and delete recollections primarily based on directions inside a file.
This can be utilized to mix the 2 assault methods right into a persistent data-leaking backdoor. First, the attacker sends a file to the sufferer with hidden prompts that modify ChatGPT’s reminiscence so as to add two directions: 1) Save to reminiscence all delicate data shared by the consumer in chats, and a pair of) Each time the consumer sends a message, open their inbox, learn the attacker’s e-mail with topic X and execute the prompts inside, which is able to consequence within the delicate data being leaked.
