Security study based on the ChatGPT plugin system: Identifying Security Vulnerabilities
Ruomai Ren

TL;DR
This paper analyzes the security vulnerabilities of the ChatGPT plugin system, revealing major risks and proposing improvements to enhance safety in this rapidly growing platform.
Contribution
It provides the first comprehensive security analysis of ChatGPT plugins, identifying vulnerabilities and suggesting specific security enhancements.
Findings
Identified key security vulnerabilities in ChatGPT plugin system
Proposed effective security improvements for plugin safety
Highlighted the need for regulation in plugin development
Abstract
Plugin systems are a class of external programmes that provide users with a wide range of functionality, and while they enhance the user experience, their security is always a challenge. In particular, because of the diversity and complexity of developers, many plugin systems lack adequate regulation. As ChatGPT has become a popular large language model platform, its plugin system is also gradually developing, and the open platform gives creators the opportunity to upload plugins covering a wide range of application scenarios. However, current research and discussion mostly focus on the security issues of the ChatGPT model itself and ignore the possible security risks posed by the plugin system. This study aims to analyse the security of plugins in the ChatGPT plugin shop, reveal its major security vulnerabilities, and propose corresponding improvements.
