Flaws in ChatGPT extensions allowed access to sensitive data

New threat research from Salt Labs has uncovered critical security flaws within ChatGPT plugins, highlighting a new risk for enterprises. Plugins provide AI chatbots like ChatGPT with access and permissions to perform tasks on behalf of users within third party websites. For example, committing code to GitHub repositories or retrieving data from an organization's Google Drives. These security flaws introduce a new attack vector and could enable bad actors to gain control of an organization's account on third party websites, or allow access to personal identifiable information (PII) and other sensitive user data stored within third-party applications. The Salt Labs… [Continue Reading]