Report: ChatGPT Search Feature Susceptible to Prompt Injection and Hidden Text Manipulation
The ChatGPT Search feature, which allows the AI chatbot to search for information on the web, has reportedly been found vulnerable to manipulation by website developers and owners. According to reports, the feature’s behavior can be altered through the use of hidden text on websites, which could feed inaccurate or misleading information to the AI. More worryingly, it also allows for prompt injections to be inserted into the AI model. This issue became more apparent after OpenAI released the ChatGPT Search feature to all users last week.
The Guardian reported on Tuesday that OpenAI’s search engine is susceptible to these manipulation techniques. The publication tested the tool by creating a fake product page, including specifications and reviews. Initially, with no hidden text, ChatGPT provided a “positive but balanced” review. However, when hidden text was added to the webpage, the results took a concerning turn.
Hidden text refers to content embedded in a webpage’s code that is not visible to users when they view the page in a browser. This text is often hidden using HTML or CSS techniques but can be accessed through the webpage’s source code or web scraping tools commonly used by search engines.
After incorporating hidden text with numerous fake positive reviews of the product, ChatGPT’s responses became increasingly favorable, overlooking the product’s obvious flaws. The publication also experimented with prompt injections, which are inputs designed to manipulate AI systems in ways not intended by their developers. These prompt injections, including hidden text, could potentially be used to direct the OpenAI chatbot to deceive users further.
The report also suggested that prompt injections hidden in text could be exploited to return malicious code from websites. If left unchecked, numerous websites could use similar methods to manipulate responses in their favor or deceive users in various ways, the publication warned.
About The Author
