A recent investigation reveals that ChatGPT Search, the new feature enabling the AI chatbot to source information from the web, is susceptible to manipulation by website creators. The findings indicate that developers can alter the behavior of OpenAI’s search engine by embedding hidden text within their web pages. This hidden content can mislead the AI by providing false information and allowing the introduction of potentially harmful prompt injections.
Vulnerabilities in ChatGPT Search Uncovered
The Guardian highlighted these vulnerabilities in a report published on Tuesday, demonstrating that OpenAI’s search feature can be exploited through various manipulation tactics. In a controlled experiment, the outlet created a fictitious product page complete with specifications and customer reviews. Initially, when the page appeared uncomplicated, ChatGPT generated a “positive but balanced assessment.” However, the situation shifted dramatically after the addition of concealed text.
Hidden text refers to content placed within a webpage’s coding that remains invisible to standard users but can be accessed through the source code or web scraping tools, often utilized by search engines. Techniques such as HTML or CSS are typically employed to hide this information.
Once the publication introduced hidden text containing a plethora of fabricated positive reviews, ChatGPT’s responses became excessively favorable, leading the model to overlook apparent flaws in the product. Furthermore, the outlet tested prompt injections—input methods meant to alter the AI’s behavior—which in this case allowed for further deception to users.
The report cautioned that such prompt injections residing in hidden text could also enable the return of malicious code from websites. If left unaddressed, this vulnerability might allow numerous sites to employ similar tactics to secure favorable descriptions of their products or engage in other deceptive practices.
