OpenAI now allows premium ChatGPT users to bring up third-party apps — GPTs — in conversations by typing “@” and selecting the desired app. While this opens up new possibilities for users, Kaspersky says it also opens potential privacy risks.
OpenAI unveiled GPTs in Nov. 2023, allowing users to create AI-powered apps for specific purposes, such as writing in a distinct style or editing photos in a particular way. Users can bring ready-made GPTs, like “Creative Writing Coach,” into a chat, and they’ll come with an understanding of the context of your conversation.
This feature promises a more tailored and contextually relevant experience, but Kaspersky’s Vladislav Tushkanov told VPNOverview that it opens up the possibility for data sharing with third-party services.
How GPT Apps May Compromise Your Privacy
Tushkanov noted that while users can review and approve the data that GPTs share, “it requires a degree of awareness and a degree of caution on the part of the user, as they need to check and understand each request, which may affect the experience.”
Even if users diligently check every data-sharing request, they could still fall victim to data leaks.
“There are other ways in which user data may potentially leak from a chatbot service: due to errors or potential vulnerabilities in the service, if it gets memorized during further training of the model, or if another person gets access to your account,” Tushkanov warned.
These concerns aren’t unfounded. In March 2023, a bug in an open-source library exposed user data, including sensitive payment information of ChatGPT Plus subscribers. And, in Dec. 2023, the discovery of a data exfiltration vulnerability showed how attackers can exploit the functionalities of chatbots to send data to third-party servers without users’ consent.
Avoid Sharing Confidential Information With Chatbots: Kaspersky
“It is best to be careful not to share personal data and confidential information with any chatbot service on the Internet,” Tushkanov warned.
In addition to this valuable tip, we recommend reviewing all data-sharing requests from GPTs before approving them. And enable two-factor authentication to prevent unauthorized access to your ChatGPT account.
While ChatGPT is an incredibly powerful and useful tool, security concerns remain. Refer to our chatbot safety guide for more tips on how to safeguard your privacy while using ChatGPT and other AI tools.
Want to try your hands at creating a custom GPT? Try the GPT Builder.
For more news, follow us on X (Twitter), Threads, and Mastodon!
