ChatGPT Agent shows that there’s a whole new world of AI security threats on the way we need to worry about

It’s difficult not to be impressed with the most recent advancement in artificial intelligence whether you witnessed the debut of OpenAI’s new ChatGPT Agent or if you’re a Plus, Pro, or Teams user who has had the opportunity to test out the new “agent mode” in the tools drop-down list.

The purpose of ChatGPT Agent is to assist you with difficult real-world tasks. Consider tasks like organizing a wedding, scheduling a car repair, developing an app to fix an issue, or organizing and scheduling a vacation.

ChatGPT Agent behaves like an actual employee of yours, carrying out tasks as though they had their own computer, much like OpenAI’s former agent, Operator. As it completes these duties, you can actually see what’s occurring on its “desktop”—for instance, you can see it moving windows around and filling out forms on websites.

The idea behind the whole thing is a single agent that can do the legwork, choose websites wisely, and browse the internet on its own. There is a catch: ChatGPT Agent can do everything, and you can even witness it in action if you’d like.

A new world of threats

It is ChatGPT Agent’s potent capabilities that expose you to a whole new range of security risks:

During the ChatGPT Agent launch presentation, Casey Chu stated, “As we all know, the Internet can be a scary place. There are all sorts of hackers trying to steal your information, scams, and phishing attempts, and Agent isn’t immune to all these things.”

That’s concerning, then. He continued:

We’re particularly concerned about a recent attack known as “prompt injections.” An agent who is taught to be helpful may come across a malicious website that requests your credit card information because it will assist you with your assignment, and the agent may decide that this is a good idea.

It appears that in the future, we will all have to be concerned about not just ourselves becoming phished, but also about our AIs becoming phished themselves!

“To make sure this doesn’t happen, we’ve worked hard to train our model to ignore suspicious instructions on suspicious websites,” Chu added. Additionally, we have layers of monitors that glance over the agent’s shoulder, track their movements, and halt the course of anything that seems off.

When I initially heard this, I thought I would never provide my credit card information to a ChatGPT agent in the first place, but now I would absolutely not do that. My credit card is only with Amazon and Apple because I find them to be safe and convenient, but all it would take would be a hint that they weren’t, and I, along with millions of other people, probably wouldn’t be keeping my credit card information with them.

Trust is everything

Trust is crucial when it comes to internet security. I already feel terrified by the thought of an AI agent making decisions about my purchases on its own, regardless of how many background checks it performs. Furthermore, the possibility that hostile websites may attempt to fool my AI into disclosing information by using “prompt injections” makes me too afraid to trust it.

It should be mentioned that ChatGPT Agent has a “takeover mode” in which you enter the private data into the browser yourself rather than giving it to the agent to manage. I think that would be a better method to use an agent. I doubt I’m yet at the point where I’m prepared to allow my AI to spend my money whatever it pleases, and I’m sure I’m not alone.

As CEO Sam Altman stated in the presentation, OpenAI appears to be very clear about the dangers of utilizing ChatGPT Agent with private data. However, as this is a new technology, we are not yet certain of all the potential concerns. As people begin using it, we’ll just have to wait and see.

What worries me the most, though, is what would happen if people start using AI to outsmart AI. Hackers won’t be afraid to use AI to get around our security measures, and it’s likely that AI will develop a variety of assaults that we haven’t even considered yet.