OpenAI's ChatGPT Search Can Be Manipulated With Prompt Injections and Hidden Text
If you are someone who trusts AI chatbots blindly, you might want to rethink your approach. Recent reports suggest that ChatGPT Search, an AI-powered search engine feature by OpenAI, is vulnerable to manipulation by website developers and owners. According to The Guardian, hidden text on websites can be used to alter the search results provided by the AI chatbot, leading to inaccurate and misleading information being presented to users.
On Tuesday, The Guardian published a report highlighting the susceptibility of OpenAI's search engine to manipulation tactics. In an experiment conducted by the publication, a fake product page was created with fabricated specifications and reviews. Initially, ChatGPT provided a "positive but balanced assessment" of the product. However, when hidden text containing fake positive reviews was added to the webpage, the chatbot's responses became more favorable, overlooking the product's flaws.
The Role of Hidden Text in Manipulating AI Chatbots
Hidden text, as the name suggests, refers to content embedded within a webpage's code that is not visible to users but can be detected by inspecting the source code. Techniques like HTML or CSS styling are commonly used to conceal this text, which can influence the AI model's responses. By inserting hidden text with misleading information, website owners can manipulate the chatbot's output to present a distorted view of their products or services.
Additionally, prompt injections—commands designed to influence AI behavior in unintended ways—were utilized in conjunction with hidden text to further skew the chatbot's responses. The report emphasized that these techniques could potentially mislead users by presenting biased information and overlooking critical aspects of the products or services being discussed.
Furthermore, the report raised concerns about the possibility of returning malicious code through hidden text prompt injections, posing a cybersecurity risk to users interacting with AI chatbots. If not addressed promptly, these vulnerabilities could be exploited by unscrupulous website owners to deceive users and manipulate the chatbot's responses for their benefit.
