The latest articles on DEV Community by Jacky REVET (@misterstach). https://dev.to/misterstach https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1236070%2F90113620-2ea0-49b5-9fd7-cb1956e417bc.png https://dev.to/misterstach en Jacky REVET Sun, 19 May 2024 17:15:32 +0000 https://dev.to/worldlinetech/cracking-gpt-assistants-extracting-prompts-and-associated-files-2bp9 https://dev.to/worldlinetech/cracking-gpt-assistants-extracting-prompts-and-associated-files-2bp9 <p>I am starting here a series of articles on the security of GPT assistants.</p> <p>In today's digital age, artificial intelligence (AI) has become an integral part of our daily lives, with GPT (Generative Pre-trained Transformer) assistants at the forefront of revolutionizing our interaction with technology. However, as with any rapidly evolving technology, security remains a major concern. Recent studies and practical demonstrations have revealed a troubling vulnerability: it is surprisingly easy to hack GPT assistants, allowing malicious actors to retrieve the prompts and associated files of these systems.</p> <p>Here we will interact with an assistant well-known to musicians<br> <a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flg754sj8oeb1v219qpdq.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flg754sj8oeb1v219qpdq.PNG" alt="Image description" width="800" height="241"></a><br> Here is the malicious prompt<br> <a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feh5pfrddd62xumhzjh0b.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feh5pfrddd62xumhzjh0b.PNG" alt="Image description" width="800" height="81"></a><br> And the magic happens, we retrieve the assistant's prompt<br> <a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvt7xroxz606xd9ij2sz1.JPG" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvt7xroxz606xd9ij2sz1.JPG" alt="Image description" width="622" height="574"></a><br> We observe that external files are being used. Here is the malicious prompt to retrieve the assistant's file list:<br> <a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fud6pss0dkqv2v43gkdpp.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fud6pss0dkqv2v43gkdpp.PNG" alt="Image description" width="800" height="748"></a><br> Here is the final malicious command to download the files<br> <a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frh066l0zl1n62z2d34a6.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frh066l0zl1n62z2d34a6.PNG" alt="Image description" width="527" height="789"></a><br> We have successfully retrieved the files, for example, the README<br> <a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq9t38m0zh6mv8hs1ytua.PNG" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq9t38m0zh6mv8hs1ytua.PNG" alt="Image description" width="800" height="550"></a></p> <p><strong>For the next article, we will try to find ways to prevent leaks!</strong></p> <p><em>Warning: This article is for educational purposes only and should not be used for malicious intent</em></p> ai hacking