Opening A Pandora's Box: Things You Should Know in the Era of Custom GPTs

TL;DR

This paper analyzes security and privacy risks associated with custom GPTs, identifying attack vectors and emphasizing the need for enhanced security measures amid growing adoption and platform expansion.

Contribution

It provides a comprehensive threat analysis of custom GPTs using the STRIDE framework, highlighting real-world validated attack vectors and security concerns.

Findings

26 potential attack vectors identified

19 attack vectors validated in real-world scenarios

Urgent need for security measures in custom GPT ecosystem

Abstract

The emergence of large language models (LLMs) has significantly accelerated the development of a wide range of applications across various fields. There is a growing trend in the construction of specialized platforms based on LLMs, such as the newly introduced custom GPTs by OpenAI. While custom GPTs provide various functionalities like web browsing and code execution, they also introduce significant security threats. In this paper, we conduct a comprehensive analysis of the security and privacy issues arising from the custom GPT platform. Our systematic examination categorizes potential attack scenarios into three threat models based on the role of the malicious actor, and identifies critical data exchange channels in custom GPTs. Utilizing the STRIDE threat modeling framework, we identify 26 potential attack vectors, with 19 being partially or fully validated in real-world settings. Our findings emphasize the urgent need for robust security and privacy measures in the custom GPT ecosystem, especially in light of the forthcoming launch of the official GPT store by OpenAI.