Salt Security has revealed vulnerabilities in ChatGPT plugins that could have led to data breaches and account takeovers on third-party websites. These plugins, designed to provide updated information and integrate with services like GitHub and Google Drive, required permissions to send user data and access accounts. The vulnerabilities included an OAuth authentication flaw in ChatGPT itself, allowing attackers to install malicious plugins on victims’ accounts without confirmation. Additionally, flaws in specific plugins like AskTheCode and Charts by Kesem AI could have enabled attackers to seize control of GitHub accounts through zero-click exploits or crafted links. Salt Security promptly reported these issues to OpenAI, PluginLab.AI, and Kesem AI, prompting patch releases. While ChatGPT plugins were the primary means of extending functionality, OpenAI’s introduction of customizable GPTs for paying customers aims to replace them. However, Salt Security also found vulnerabilities in GPTs and plans to detail them in a future blog post, highlighting ongoing concerns about security in AI models.

