ChatGPT Search, an innovative feature allowing the AI chatbot to scour the internet for information, has been identified as susceptible to manipulation by web developers and site owners. According to reports, the behavior of OpenAI’s search engine can be influenced through the use of concealed text on various websites. This hidden text can mislead the AI by providing incorrect information and, alarmingly, may be used to introduce prompt injections that manipulate the AI model’s responses. This feature was made available to users by OpenAI just last week.
ChatGPT Search Exposed to Manipulation Risks
The Guardian reported on Tuesday that the search engine integrated into OpenAI’s platform can be exploited through various manipulation tactics. In an experiment conducted by the publication, a fictitious product page was created, complete with specifications and user reviews. Initially, without any alterations, ChatGPT provided a “positive yet balanced evaluation.” However, the scenario shifted drastically once the publication incorporated hidden text into the webpage.
Hidden text refers to content embedded in a webpage’s code that remains unseen by users when they view the page through their browsers. Developers often utilize HTML or CSS techniques to conceal this information. Such hidden content can be accessed by inspecting the page’s source or through web scraping tools commonly employed by search engines.
Upon including hidden text that featured numerous fabricated positive reviews, ChatGPT’s feedback became overwhelmingly favorable, disregarding the product’s evident shortcomings. The test further explored the use of prompt injections—specific inputs designed to change the behavior of AI systems in unintended ways. The introduction of hidden text as a prompt injection reportedly enabled the OpenAI chatbot to mislead users further.
Furthermore, the report suggested that prompt injections embedded within hidden text could potentially lead to the return of harmful code from websites. If this vulnerability is not addressed, numerous websites might be able to employ similar tactics to generate misleadingly favorable assessments of their products and services or to deceive users in various other ways, the publication warned.
