Karan Sachdeva’s Post

OpenAI announced its Mac desktop app for ChatGPT with a lot of fanfare a few weeks ago, but it turns out it had a rather serious security issue: user chats were stored in plain text, where any bad actor could find them if they gained access to your machine. Many people now use ChatGPT like they might use Google: to ask important questions, sort through issues, and so on. Often, sensitive personal data could be shared in those conversations. It's not a great look for OpenAI, which recently entered into a partnership with Apple to offer chat bot services built into Siri queries in Apple operating systems. Apple detailed some of the security around those queries at WWDC last month, though, and they're more stringent than what OpenAI did (or to be more precise, didn't do) with its Mac app, which is a separate initiative from the partnership. OpenAI has now updated the app, and the local chats are now encrypted, though they are still not sandboxed. (The app is only available as a direct download from OpenAI's website and is not available through Apple's App Store where more stringent security is required). If you've been using the app recently, be sure to update it as soon as possible... #artificialintelligence #cybersecurity #machinelearning #informationsecurity #ai #security #chatgpt #macos #openai

Please update your #Mac desktop app for #ChatGPT. #OpenAI has updated the app (available on their website not on the Apple app store -- confusing for users --TBD). H/T Michael Tchuindjang for sharing! #AIrisk #cyberrisk #securityrisk #encryption #personaldata #privacy

And yet again we are talking about GenAI and security... Recently, OpenAI’s ChatGPT macOS app was found storing conversations in plain text, posing a significant security threat. A researcher showed how another app could read these files, exposing a serious security risk. After being notified by The Verge, OpenAI scrambled to update the app, finally encrypting the stored conversations. But should it take external intervention for a company to prioritize your security? This flaw happened because the app bypassed Apple's sandboxing protections, opting for a website distribution instead. This careless approach jeopardizes user data and again raises questions about OpenAI’s commitment to security. Here is what OpenAI said to The Verge: “We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.” How can you trust them? They have demonstrated in the past 6 months that for them time to market is far more important than your privacy or your security. Your data's safety shouldn't be an afterthought. If you plan to integrate AI (and you should definitely), don’t delegate the security to your providers; make your own due diligence so you can take only the risks you agree to. #DataSecurity #OpenAI #Privacy #TechNews 👉 Virtual Mind Consulting & Alexandre Vallette ♻️ Feel free to repost to your network. 👇 Drop your thoughts below! 🚀 👍 Useful links: If you want to read an article on the subject: https://lnkd.in/gd2fuRqK

Google Update Reveals AI Will Read All Your Private Messages #AI #AIupgrade #Android #Applesapproach #artificialintelligence #Bard #cloudbasedmodel #Cybersecurity #endtoendencryption #Google #llm #machinelearning #messageanalysis #messagingexperience #ondeviceAIanalysis #privacyconcerns #privatemessages #Sentimentanalysis #Software #userhistory

OpenAI's security vulnerabilities exposed, raising concerns among experts. #AIsecurity 🤝 Download 1 Million Logo Prompt Generator 🔜 https://wapia.in/1mlogo 🤝 Follow us on Whatsapp 🔜 https://wapia.in/wabeta _ ❇️ Summary: OpenAI's generative AI chatbot ChatGPT for MacBook users was found to be storing user chats locally in plain text without encryption, leading to security concerns. OpenAI responded by adding encryption to the stored chats. Additionally, concerns were raised about a 2023 hack of OpenAI where a hacker gained access to internal messaging systems. The company's response to security concerns has been criticized, with implications of potential links to China and the need for tighter security measures to protect data. Hashtags: #chatGPT #OpenAIsecurityconcerns #AIvulnerabilities

OpenAI’s ChatGPT Mac App Security Flaw OpenAI’s ChatGPT macOS app had a major security flaw. → Conversations were stored in plain text, easy for anyone with access to read. → This flaw meant that any malicious app could access and read your chats. What Happened? → Pedro José Pereira Vieito found the flaw and created an app to show how easily chats could be accessed. → The Verge contacted OpenAI, prompting an update to encrypt conversations. OpenAI’s Response → OpenAI released an update to encrypt chat data. → They aim to maintain high security standards while providing a helpful user experience. Current Status → The update fixed the issue; conversations are now encrypted. → This flaw highlights the need for robust app security practices. Your Thoughts? How important is data encryption for AI apps? ➡ Follow me Master List AI for more of these. ➡ Master AI (Tips, Tools, Trends, News) Here: https://lnkd.in/gM9pWpf5 P.S. Enjoy these? Feel free to Repost #ai #technews #security #chatgpt #techcommunity #openai #chatgptimac

#OpenAI launches #ChatGPT Enterprise with bevy of cybersecurity features: #OpenAI LP today debuted #ChatGPT Enterprise, a new version of its ChatGPT chatbot with significantly more features than the original. The offering is rolling out about four months after the company first hinted that it’s in the works. The chatbot is geared towards large organizations.  One of the main selling points of #ChatGPTEnterprise is […] The post OpenAI launches ChatGPT Enterprise with bevy of cybersecurity features appeared first on SiliconANGLE.

Sharing this article from George McGregor as a reminder of the ongoing threats to OpenAI's #ChatGPT service, with a focus on the theft of API keys and the associated risks. How to prevent ChatGPT (or any APIs) being abused via the mobile channel. The Motive - Why Would Someone Want to Hack ChatGPT? Well, there are several reasons including the allure of the service's high profile, the potential for financial gain (avoiding subscription fees and selling stolen data on the dark web), and simply the challenge of interfering with the service. The Means - What Tools Could a Hacker Use? The primary means by which a hacker could compromise ChatGPT is through the service's API keys. If they gain access to an API key, they could create scripts and bots to steal data, disrupt the service, and deplete the user's monthly quota. OpenAI advises safeguarding API keys and routing requests through a secure backend server, but this doesn't entirely eliminate the problem, especially for mobile apps. The Method - How will the Attack be Carried Out? There are two main methods for stealing secrets from a mobile app. The first method is static analysis, which involves examining the app's source code and components for exposed secrets. The second method is stealing secrets at runtime, where API keys can be taken during execution by instrumenting the application, manipulating the environment, or using Man-in-the-Middle attacks. How can APIs be Protected from Abuse? To protect ChatGPT APIs from being abused via the mobile channel (including not storing API keys in mobile app code) we recommend implementing the following measures at runtime: - systematically checking requests to ensure they are genuine, - detecting unsafe operating environments on the client device, - safeguarding against Man-in-the-Middle attacks, and - using a secrets management solution to securely manage API keys and certificates in the cloud. These measures are essential to ensure the security of mobile apps and their associated APIs. #apisecurity #mobilesecurity #openai #appdevelopment Link to full article here: https://lnkd.in/eqEM2Ytw

ChatGPT accepts user content in many different formats. It has a highly flexible input grammar. It performs functions on the input that are hard to explain and may include cross-site or cross-service submissions. It has a lot of users who don’t know quite what to expect. The best analogous security situation is the office suite circa 2000-2010. Office documents were the #1 attack vector for buffer overrun attacks, all in the parsing layers. We found and fixed the issues by flooding the system with noise and detecting only deleterious states (e.g. crash, hang, data corruption, etc). The same process can be applied to openAIs front-end. Sometimes startups with microservice architectures have authentication and user boundary issues in a shared hosting environment. It can be hard to have all those services hit an authentication service and hand-off credentials correctly. If user boundaries are crossed, or endpoints are inadequately protected in their microservice architecture, that is a lot of hard work to fix and requires security expertise.

Companies need new internal rules about how to use AI