ChatGPT False Memories: What You Need to Know

Security firm LayerX has recently uncovered a troubling vulnerability in OpenAI’s ChatGPT – specifically through its new AI-powered browser, ChatGPT Atlas.

Through clever manipulation, hackers have found a way to inject malicious instructions into ChatGPT’s memory (the feature that lets the chatbot remember user details like tone, preferences, and past conversations).

Once this memory has been compromised, attackers can access sensitive information, spread malware, and alter behavior across every device linked to the same ChatGPT account.

Here’s what you need to know:

Why ChatGPT Atlas Users Are Most at Risk

While anyone using ChatGPT can theoretically be targeted, those using ChatGPT Atlas are especially vulnerable.

Through extensive testing, LayerX found that Atlas lacks strong anti-phishing protection, leaving users up to 90% more vulnerable to phishing attacks compared to Chrome or Edge.

Atlas also automatically logs users in to ChatGPT, which means stored credentials can be used by attackers if a session becomes compromised.

How the Attack Works: Cross-site Request Forgery (CSRF)

This exploit relies on a technique called cross-site request forgery (CSRF).

It’s a technical name, but the idea is simple: a hacker tricks your browser into performing malicious actions on your behalf. This happens when you click a malicious link or visit a compromised website (which is especially dangerous for Atlas users).

In a typical CSRF, the hacker can change your password or account email, transfer funds, or make purchases. Think of it like leaving your computer unlocked: someone else sits down and uses your active session to act as “you”. However, with AI, things are a bit different.

Tainted Memories

If a user is logged in to ChatGPT (like with the Atlas browser), a hacker can do something much more subtle:

Rewrite ChatGPT’s memories.

By tweaking what ChatGPT “knows” about you, a hacker can embed harmful prompts and redirect users to dangerous links.

For example, you ask ChatGPT for a restaurant recommendation. However, the tainted memory makes the AI return malicious websites instead of actual venues, leading you straight into a phishing or malware trap.

Because memory is tied to the account, this attack isn’t limited to one session. The tainted memories follow every device you’re logged into. Even worse, these changes reside within ChatGPT’s memory, so there are often no traditional malware signs for antivirus tools to detect.
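
To make the CSRF mechanism above concrete, here is an added example (not from LayerX, OpenAI, or the original article): a toy memory-write handler that trusts the session cookie alone, beside one that also requires a matching Origin header and a per-session token. The origin `https://assistant.example`, the `X-CSRF-Token` header name, the session store and every request value are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://assistant.example"   # hypothetical service origin
# Constructed server-side session store: session cookie -> per-session CSRF token.
SESSIONS = {"sess-abc": secrets.token_urlsafe(32)}
MEMORY = {"sess-abc": []}                      # saved "memories" per session


def naive_write(request):
    """Vulnerable: trusts the cookie alone, which the browser attaches automatically."""
    session = request["cookies"].get("session")
    if session not in SESSIONS:
        return 401
    MEMORY[session].append(request["body"])
    return 200


def hardened_write(request):
    """Requires proof that the request came from the service's own pages."""
    session = request["cookies"].get("session")
    if session not in SESSIONS:
        return 401
    # 1. Origin must match exactly (scheme + host + port); a missing header is rejected.
    origin = urlsplit(request["headers"].get("Origin", ""))
    trusted = urlsplit(TRUSTED_ORIGIN)
    if (origin.scheme, origin.netloc) != (trusted.scheme, trusted.netloc):
        return 403
    # 2. Per-session token that another site cannot read; compared in constant time.
    sent = request["headers"].get("X-CSRF-Token", "")
    if not hmac.compare_digest(sent.encode(), SESSIONS[session].encode()):
        return 403
    MEMORY[session].append(request["body"])
    return 200


def make_request(origin, body, token=None):
    """Build a constructed request; the cookie is always present, as in a logged-in browser."""
    headers = {"Origin": origin}
    if token is not None:
        headers["X-CSRF-Token"] = token
    return {"cookies": {"session": "sess-abc"}, "headers": headers, "body": body}


if __name__ == "__main__":
    forged = make_request("https://other-site.example", "constructed attacker-written memory")
    legit = make_request(TRUSTED_ORIGIN, "prefers short answers", SESSIONS["sess-abc"])
    print(naive_write(forged), hardened_write(forged), hardened_write(legit))
```

The forged request carries a valid cookie because the browser attaches it automatically, which is why the cookie-only handler stores the attacker's text while the hardened handler rejects it.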

How to Stay Safe

Until OpenAI improves Atlas’s phishing protections, we strongly recommend sticking with more traditional browsers – Chrome, Edge, Firefox. And while this hack has been specifically targeting ChatGPT’s memories, other AI browsers have also proven to lack proper phishing protection.

If you or an employee has used, or is currently using, Atlas, here’s what you should do:

  1. Check ChatGPT’s memory: Review your saved memories and delete anything you didn’t add yourself.
  2. Stay alert for odd behavior: If ChatGPT starts recommending strange URLs or off-topic suggestions, go back and check your memories. Don’t click anything that seems suspicious.
  3. Swap to a safer browser for all the reasons we’ve covered.

AI browsers, like any online technology, expand your company’s attack surface. By treating AI with the same caution that you’d apply to any new software, you can stay ahead of risks and stay secure.

Moral of the Story

AI browsers have potential, but for now, we recommend avoiding them until stronger security measures are put in place.

In the meantime, if anyone in your business is using these AI browsers, confirm that their ChatGPT memories have not been changed, and then switch to a different browser. This is a new and complex corner of cybersecurity, and the best defense is precaution, prevention, and vigilance.

And if you’re looking for a partner to help you stay secure, reach out. The 20 MSP has been providing white-glove service in cybersecurity for decades – all at a flat rate.

About The 20 MSP

As a leading provider of managed IT services, The 20 MSP serves thousands of businesses nationwide, including single and multi-location organizations, delivering white-glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our clients’ success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth.