Perhaps someone should start a company to defend against such emerging threats...
So I want to talk real quick about the recent announcements from OpenAI.
Without hyperbole, I think what they announced represent both the greatest boon for business and the biggest problem for security that we’ve seen injected in a single day in many decades.
There were many announcements, and many of them, such asupdates to the models, are wonderful but relatively inert.
But what is not harmless, is the unbelievably massive expansion of API calling capabilities.
On this front they announced two main things: 1) custom GPTs, and 2) assistants.
Custom GPT’s are basically a front end version of assistants. And importantly, they both have the same functionality of being able to call code, interpreter, browse the web, and call arbitrary APIs.
Let me say that again – they can call any API.
I’ve been saying for a long time that the number one threat AI security, from a cyber security standpoint, is AI agents having the ability to call APIs.
What they did yesterday was open that up to the entire world.
I just heard an interview from the show where they talked to the head of API’s at Zapier, and they expanded their capabilities even more. So they are fully integrated with open AI so everything that you can do in Zapier you can now do inside of an assistant.
And just to refresh everyone, you can basically do ANYTHING in Zapier.
No, just to be clear this is extraordinarily awesome for humanity, and for business and for the economy and for developers, and for so many people going forward, it was a amazing conference and an amazing set of announcements.
But for security, we better get ready.
The amount of prompt injection we’re about to see propagate across the Internet is going to be staggering. we are talking about injections on websites being crawled automatically by agents consumed by the agents executed by the agents sent onto other APIs, which then connect to other APIs, which ultimately land on sensitive data back ends.
The possibilities for attack just became endless.
And again, I’m not saying they shouldn’t have done it. I’m not saying this is bad. I’m just saying as security people, get ready.