OpenAI‘s ChatGPT search tool, available to paying customers, may be susceptible to manipulation through hidden content and could return malicious code from websites it searches, a recent investigation has found. The tool, which OpenAI is promoting as a default search option, has raised concerns about potential security vulnerabilities.
Researchers tested how ChatGPT responded when summarizing webpages containing hidden content, such as “prompt injections” or large amounts of hidden text designed to influence its responses. These techniques can be used to manipulate the AI’s output, for example, by making ChatGPT deliver a positive review of a product even when negative reviews are present on the same page. In one test, hidden text on a fake product page for a camera caused ChatGPT to provide an entirely favorable assessment, overriding any negative content on the page.
The manipulation doesn’t require explicit instructions; simple inclusion of fake positive reviews in hidden text can alter ChatGPT’s summary, leading to biased or misleading conclusions. Cybersecurity expert Jacob Larsen from CyberCX warned that if the search tool were fully released in its current form, it could enable bad actors to create deceptive websites aimed at manipulating users.
Despite these concerns, Larsen noted that the search function is still in its early stages and available only to premium users. He expressed confidence that OpenAI’s security team will address these issues before the tool is widely accessible. OpenAI did not respond to requests for comment on the findings.
Related topics:
OpenAI’s GPT-5 Model Faces Delays, Uncertain Future Amid High Expectations
OpenAI’s o3 Model: A Breakthrough in AI with High Costs
How OpenAI Helped Lowe’s Transform Retail with Generative AI