Hacker Uncovers Secret ChatGPT Plugins in OpenAI API
In a surprising revelation, a hacker known as rez0, announced this morning that they had discovered over 80 secret plugins within the new ChatGPT API by OpenAI. The discovery was made by removing a specific parameter from an API call.
Among the hidden plugins were a “DAN plugin”, “Crypto Prices Plugin”, and many others. To access these unreleased features, users can set up match-and-replace rules through an HTTP proxy. Although there are client-side checks in place to validate permission to use the plugins, it appears these can be bypassed.
Furthermore, the API also exposed a “description_for_model” parameter that was not intended for users. This intriguing detail provides insight into how the AI model is instructed to utilize the plugins.
OpenAI has since addressed the issue and fixed the vulnerability. While the incident raises questions about security, it also showcases the responsiveness and efficiency of OpenAI in addressing potential risks.
{
"prompt": "Hacker Uncovers Secret ChatGPT Plugins in OpenAI API, deepleaps.com, high-resolution, cinematic lighting, 8k, octane render, highly detailed, 12k, raw",
"seed": 3242975,
"used_random_seed": true,
"negative_prompt": "",
"num_outputs": 1,
"num_inference_steps": 25,
"guidance_scale": 7.5,
"width": 512,
"height": 512,
"vram_usage_level": "balanced",
"sampler_name": "euler",
"use_stable_diffusion_model": "protogenX58RebuiltScifi_10",
"use_vae_model": "vae-ft-mse-840000-ema-pruned",
"stream_progress_updates": true,
"stream_image_progress": false,
"show_only_filtered_image": true,
"block_nsfw": false,
"output_format": "jpeg",
"output_quality": 75,
"metadata_output_format": "none",
"original_prompt": "Hacker Uncovers Secret ChatGPT Plugins in OpenAI API, deepleaps.com, high-resolution, cinematic lighting, 8k, octane render, highly detailed, 12k, raw",
"active_tags": [],
"inactive_tags": [],
"use_upscale": "RealESRGAN_x4plus",
"upscale_amount": "4"
}