Study: ChatGPT writes code that makes databases leak sensitive info
Study: ChatGPT writes code that makes databases leak sensitive info
Embedded Files
Occurred: October 2023
Report incident ๐ฅ | Improve page ๐ | Access database ๐ข
Generative AI tools such as ChatGPT, Baidu-UNIT, and AI2sql can be tricked into producing malicious code, which could be used to launch cyber attacks, according to new research.ย
University of Sheffield researchers found that it is possible to manipulate six commercial AI tools capable of generating responses to text-to-SQL queries, including ChatGPT, into creating code capable of breaching other systems, steal sensitive personal information, tamper with or destroy databases, or bring down services using denial-of-service attacks.
According to the researchers, OpenAI has since fixed all of the specific issues, as has Baidu, which financially rewarded the scientists.ย
Developers of the four other systems have not responded publicly.
System ๐ค
System ๐ค
Baidu UNIT ๐
Operator: ย
Developer: AI2sql; Baidu; NiceAdmin; OpenAI; Text2SQL.AI; SQLAI.AI
Country: USA
Sector: Technology
Purpose: Generate text
Technology: Chatbot; Generative AI; Machine learning; Text-to-SQL
Issue: Privacy; Security
Research, advocacy ๐งฎ
Research, advocacy ๐งฎ
Peng X. et al (2023). On the Security Vulnerabilities of Text-to-SQL Models
News, commentary, analysis ๐๏ธ
News, commentary, analysis ๐๏ธ
Page info
Type: Issue
Published: November 2023
Page updated
Google Sites
Report abuse