At the time of writing, ChatGPT is the sixth most popular website in the world. Billions of people every month visit ChatGPT for any number of reasons. Many use it to improve their work, some use it as a conversational companion, and others still have it help to complete school assignments. It should come as no surprise that extension developers have rushed to fill the market with browser extensions that integrate with the popular LLM.
But whether you’re an enterprise user or an individual, adding a ChatGPT browser extension (aka plugin) raises an important question: Is this safe? Savvy internet users know that popular new computer capabilities also attract malicious developers who are more than happy to offer you a deal: install their extension, and they’ll get access to what they seek. This can include everything from corporate SaaS credentials to full control of your computer.
With that in mind, let’s take a dive into the deep end of ChatGPT extensions. We’ll evaluate the landscape, give you the tools you need to inspect any ChatGPT extension that your team might want to use, and help you make a decision about whether or not that extension is safe.
Which ChatGPT Extension?
If you’re trying to figure out whether “the” ChatGPT extension is safe, you first need to answer: Which ChatGPT extension? Here’s the thing: Anyone can put an extension on the browser app stores. That’s even more true with a tool like ChatGPT, where the true functionality lives on the remote website, meaning that any extension you might download is likely to be a wrapper around a basic API, and may even have man-in-the-middle architecture.
The reality of ChatGPT extensions right now is that they’re kind of like the Wild West. If you load up the Chrome Extension Store and search for ChatGPT, the responses are effectively endless. What this means is that if you have someone asking if they can use a ChatGPT extension, you first need to determine just what extension they’re looking to use. Chances are, if you’re managing an enterprise team, you probably have requests to use a dozen ChatGPT extensions or more.
Making things even more complicated, attackers can compromise a developer’s account and ship compromised versions, even when previous versions were safe.
Before you can answer whether or not it’s safe to install an extension, you need to nail down the details. Once you’ve done that, you can move on to the next step of the process: evaluating the extension(s) to determine how safe they are and review all potential risks.
How Should I Evaluate an Extension?
If you want to take a shortcut, this Free App & Extension Risk Assessment will give you the rundown on hundreds of thousands of extensions available on browser app stores. But let’s take a look at the key attributes you should consider when evaluating any kind of browser extension.
Permissions
The first question that you should answer with any browser extension is the most obvious one: What can the extension do? When a developer registers an extension on a browser store, they need to request permissions for what the app can do and what sites it can operate on. Understanding both of those parameters goes a long way toward understanding how risky an extension is. In cases where an extension is malicious, it may take actions without consent. Meaning, you can read the stated permissions an extension is requesting, but know that you still have to be able to trust the developer who created it. That will require a little sleuthing, but it’s a common deception and worth doing to protect your corporate environment.
External Communications
Step two in understanding the risk an extension poses is understanding what external sites an extension can talk to. If you’re using this application risk assessment, you can see a rundown of which websites an extension talks to in the course of operations.
Obviously, with any ChatGPT extension, it’ll need to make calls to some external websites. After all, ChatGPT isn’t hosted on the user’s local computer. Any other website connections should be evaluated carefully. This may include remote C2 servers capable of command-and-control actions that can be changed at will by whomever controls those servers. As with the previous tip, it’s good to keep in mind that you may or may not see this spelled out in the extension’s description. So, make sure you trust the developer.
Developer Reputation
While a developer’s reputation is no guarantee of the quality of an extension, it’s a good proxy. An extension from Google itself is much more likely to be reputable than one from an individual developer. An extension that is backed by a reputable company is more likely to respond to any security vulnerabilities than one helmed by a small team.
Again, none of this is a guarantee. You shouldn’t simply assume that just because an extension comes from a reputable developer, it’ll be safe. But it’s a good first step.
Developer Jurisdiction
Aside from understanding the background of the developer, it’s also important to understand where that developer is headquartered. If you live in the same country, it’s much easier to seek legal redress if a developer ships an extension that causes your company harm. If you’re in the United States, and the developer is somewhere like Russia, it’s unlikely that you’d ever have a chance to meaningfully redress any damages, whether their behavior was intentional or not.
If they are using a free email domain and provide any information that is inaccurate, you may have a hard time nailing down where they are physically located.
Non-Traditional Risks Related to LLM Extensions
When we’re talking about ChatGPT, extension risks expand beyond the traditional footprint. This is because, by definition, any LLM extension is going to execute untrusted code by the nature of its function. This might seem unintuitive, but take a moment to think about it.
The nature of LLMs is that they take natural text and process that, returning some output. When you consider that behavior, the LLM serves as an interpreter, and that natural language is now a computer program. Meaning, the input has been processed somewhere and may even have been added to its semantic core.
That kind of capability is extremely powerful. But it also exposes the user to an extremely broad range of threats, because any text that you feed into the LLM can instruct the LLM to take actions. If the user isn’t carefully examining every instruction, that might lead to the LLM taking actions that the user doesn’t intend.
In fact, security researchers are already identifying scenarios where simply asking an LLM to “summarize” a webpage can lead to an LLM taking malicious action based on nothing more than some hidden text on the page itself. Connecting an LLM to your browser, which you use to access your most sensitive data, presents substantial risks that are inherent to the technology.
The Bottom Line: Is the ChatGPT Extension Safe?
So, let’s break it down to brass tacks. Is the ChatGPT extension safe? It’s hard to say, in the absence of more information. There are dozens of ChatGPT extensions, and it’s impossible to provide a rundown of all of them in this space. Even if we tried, it’s likely that by the time you reached the end of the list, you’d find that there were new extensions to evaluate.
So, for a specific extension, the best bet is to find it on Spin.AI’s application risk assessment and look through a detailed breakdown to determine whether the extension meets your standards.
But at a broader level, the answer to the bigger security question is that the extension you’re looking at probably shouldn’t be trusted. That’s simply a reality of LLM security at the moment. These are powerful tools that unlock myriad new interaction patterns with powerful computers. But those new interaction patterns demolish existing security paradigms, and malicious users are more than happy to take advantage of these new holes.
The reality is that the landscape around these tools is shifting all the time. An extension that’s a bad idea today might be perfectly fine after a few tweaks in a couple of months. It’s important to stay on top of these things.
Top comments (0)