LLM Platform Security: Applying a Systematic Evaluation Framework to OpenAI's ChatGPT Plugins
Umar Iqbal, Tadayoshi Kohno, Franziska Roesner

TL;DR
This paper introduces a systematic framework for evaluating the security, privacy, and safety of third-party apps in LLM platforms like ChatGPT, using an attack taxonomy and applying it to OpenAI's plugin ecosystem.
Contribution
It develops a comprehensive attack taxonomy for LLM platform security and demonstrates its application on OpenAI's plugin ecosystem to identify vulnerabilities.
Findings
Identified concrete security issues in OpenAI's plugins
Developed an attack taxonomy for LLM platform threats
Provided recommendations for enhancing platform safety
Abstract
Large language model (LLM) platforms, such as ChatGPT, have recently begun offering an app ecosystem to interface with third-party services on the internet. While these apps extend the capabilities of LLM platforms, they are developed by arbitrary third parties and thus cannot be implicitly trusted. Apps also interface with LLM platforms and users using natural language, which can have imprecise interpretations. In this paper, we propose a framework that lays a foundation for LLM platform designers to analyze and improve the security, privacy, and safety of current and future third-party integrated LLM platforms. Our framework is a formulation of an attack taxonomy that is developed by iteratively exploring how LLM platform stakeholders could leverage their capabilities and responsibilities to mount attacks against each other. As part of our iterative process, we apply our framework in…
