Home / Technology / ChatGPT's New Apps Vulnerable to 'ZombieAgent' Attacks
ChatGPT's New Apps Vulnerable to 'ZombieAgent' Attacks
9 Jan
Summary
- ChatGPT apps feature allows connections to emails and calendars.
- Malicious prompts hidden in emails can be executed by ChatGPT.
- OpenAI patched the 'ZombieAgent' vulnerability on December 16.
OpenAI's recently released 'apps' feature for ChatGPT, previously known as Connectors, has been found to harbor a significant security vulnerability dubbed 'ZombieAgent'. This feature allows ChatGPT to integrate with various applications, including email and cloud storage, to enhance user responses. However, security researchers at Radware discovered that malicious prompts can be embedded within connected applications, such as emails, often hidden from human view.
When a user requests ChatGPT to process information containing these hidden prompts, the AI could execute unauthorized commands. These exploits range from zero-click data exfiltration to malicious command storage for persistence, and even worm-like propagation across inboxes. Radware detailed four attack vectors: zero-click server-side, one-click server-side, persistence, and propagation.
Fortunately, OpenAI addressed the 'ZombieAgent' vulnerability, implementing a fix on December 16. While the specifics of the patch were not disclosed, the company's swift action aimed to mitigate the risks associated with these prompt injection attacks in the newly integrated ChatGPT apps.
