Peter Makohon’s Post

So....not a malicious action by OpenAI and ChatGPT, but still a quite worrying security oversight. OpenAI's ChatGPT Mac app was initially built to be highly non-secure. Quote from the article follows: "Unless you’ve opted out, OpenAI may review ChatGPT conversations for safetyand to train its models. But that privilege isn’t one you’d expect to extend to unknown third parties that get access and know where to look." To their credit, they did fix this quickly after they were made aware of the security flaw. We here at www.kindo.ai know that it is extremely difficult to layer on security both technologically and culturally once you begin building your company and your product. This is why Kindo was built from Day Zero from the ground up to be your secure AI solution. Security and Privacy is baked into our DNA and our product. Special thanks to Jay Peters of The Verge for reporting this security flaw which was discovered by Pedro Jose Pereira.

This has to be one of the laziest AI implementations I've heard of. Question to OpenAI. Is anyone even trying over there anymore? Also, are you going to be this terrible on iOS? Asking for a friend. ----- ArsTechnica: "ChatGPT’s much-heralded Mac app was storing conversations as plain text. The app was updated to address the issue after it gained public attention." (Samuel Axon) (July 5, 2024) "OpenAI announced its Mac desktop app for ChatGPT with a lot of fanfare a few weeks ago, but it turns out it had a rather serious security issue: user chats were stored in plain text, where any bad actor could find them if they gained access to your machine. As Threads user Pedro José Pereira Vieito noted earlier this week, "the OpenAI ChatGPT app on macOS is not sandboxed and stores all the conversations in plain-text in a non-protected location," meaning "any other running app / process / malware can read all your ChatGPT conversations without any permission prompt." He added: --- "macOS has blocked access to any user private data since macOS Mojave 10.14 (6 years ago!). Any app accessing private user data (Calendar, Contacts, Mail, Photos, any third-party app sandbox, etc.) now requires explicit user access." "OpenAI chose to opt-out of the sandbox and store the conversations in plain text in a non-protected location, disabling all of these built-in defenses." --- OpenAI has now updated the app, and the local chats are now encrypted, though they are still not sandboxed. (The app is only available as a direct download from OpenAI's website and is not available through Apple's App Store where more stringent security is required.) Many people now use ChatGPT like they might use Google: to ask important questions, sort through issues, and so on. Often, sensitive personal data could be shared in those conversations. It's not a great look for OpenAI, which recently entered into a partnership with Apple to offer chat bot services built into Siri queries in Apple operating systems. Apple detailed some of the security around those queries at WWDC last month, though, and they're more stringent than what OpenAI did (or to be more precise, didn't do) with its Mac app, which is a separate initiative from the partnership. If you've been using the app recently, be sure to update it as soon as possible." ArsTechnica: https://lnkd.in/giA-hPAc #ai #openai #aihype #apple #macos

OpenAI Releases Temporary Workaround for ChatGPT Data Exfiltration Bug: What’s With the Latest Flaw? | Tech Times: OpenAI addresses a data exfiltration vulnerability in ChatGPT but faces ongoing security concerns due to incomplete fixes and unaddressed risks. Delayed response led to public disclosure of the flaw in December 2023. The iOS app lacks safety checks, leaving data exfiltration risks unmitigated. Uncertainty surrounds the Android app's security, raising concerns for over 10 million users. - Artificial Intelligence topics! #ai #artificialintelligence #intelligenzaartificiale

It turns out the ChatGPT for Mac app had been storing users' conversations with the AI chatbot in plain text. #talktechwtanya #chatGPT #security #channel #technology #advisor #techbydesign

OpenAI releases patch for ChatGPT data leak issue. #ChatGPTsecurity 🤝 Follow us on Discord 🔜: https://lnkd.in/gt823Zd3 🤝 Follow us on Whatsapp 🔜 https://wapia.in/wabeta _ ❇️ Summary: OpenAI's ChatGPT has been found to have a security flaw that allows unauthorized third parties to access users' data, even after a security patch has been released. Security researcher Johann Rehberger discovered the vulnerability and was able to create a custom GPT that could steal data from ChatGPT. Although OpenAI has rolled out a fix, the flaw still remains, and users should remain vigilant when using custom GPTs. The security flaw also affects ChatGPT apps for iOS and Android, which have yet to be updated with a fix. Hashtags: #chatGPT #OpenAIchatGPTpatch #AIdataleakfix

Partially resolved: OpenAI’s ChatGPT data leak patch #privacyconcerns 🤝 Follow us on Discord 🔜: https://lnkd.in/gt823Zd3 🤝 Follow us on Whatsapp 🔜 https://wapia.in/wabeta _ ❇️ Summary: OpenAI's ChatGPT AI chatbot has been plagued by security vulnerabilities, with a recent report revealing that it is still susceptible to data leaks despite a recent security patch. The vulnerability allowed unauthorized access to user conversations and metadata, and although OpenAI has rolled out a fix, security researcher Johann Rehberger claims it is not sufficient. The patch has not been implemented in the ChatGPT apps for iOS and Android, leaving users vulnerable. OpenAI needs to prioritize robust security measures to prevent unauthorized access to user data. Hashtags: #chatGPT 1. #OpenAIChatGPT 2. #DataLeakPatch

Is #ChatGPT Safe? Unveiling The Facts And #Security #Measures From the moment ChatGPT was launched, it was clear that this tool would become a success. ChatGPT enables you to have all the answers at the tip of your fingers and, therefore, can help you solve various problems regardless of your profession. But considering the amount of data we share with the chatbot, users have been wondering about the safety of ChatGPT. https://lnkd.in/dt-SrvBg #artificialintelligence #datascience #machinelearning

ChatGPT is leaking private conversations that include login credentials and other personal details of unrelated users, screenshots submitted by an Ars reader on Monday indicated. Two of the seven screenshots the reader submitted stood out in particular. Both contained multiple pairs of usernames and passwords that appeared to be connected to a support system used by employees of a pharmacy prescription drug portal. An employee using the AI chatbot seemed to be troubleshooting problems that encountered while using the portal. In November, researchers published a paper reporting how they used queries to prompt ChatGPT into divulging email addresses, phone and fax numbers, physical addresses, and other private data that was included in material used to train the ChatGPT large language model. Concerned about the possibility of proprietary or private data leakage, companies, including Apple, have restricted their employees’ use of ChatGPT and similar sites... #chatgpt #openai #dataleak #dataleakage #securityawareness #cyberawareness #cybersecurity #informationsecurity #privacy #privacyawareness #chatbots #artificialintelligence #artificialintelligencetechnology #ai #cyber #alert #vigilance

Is #ChatGPT Safe? Unveiling The Facts And #Security #Measures From the moment ChatGPT was launched, it was clear that this tool would become a success. ChatGPT enables you to have all the answers at the tip of your fingers and, therefore, can help you solve various problems regardless of your profession. But considering the amount of data we share with the chatbot, users have been wondering about the safety of ChatGPT. https://lnkd.in/eMJt7DG2 #artificialintelligence #datascience #machinelearning

OpenAI's ChatGPT Plugins Pose Security and Privacy Risks - WinBuzzer: ChatGPT plugins are a powerful way to extend the functionality of ChatGPT, ... ChatGPT followed the prompt and changed its name accordingly. #ChatGPT #OpenAI #AI