Supposed to revolutionize web search, the ChatGPT Search engine, or SearchGPT, would not be a panacea. In addition to its poor reliability for summarizing the news, the tool would above all be very easy to control by malicious actors, who can use it to hijack users’ computers.
A stock
Buy on Fnac.com
An easy-to-use engine with hidden text
ChatGPT Search acts as a sort of concierge. We present our question to him and he sets off in search of answers by exploring the most recommended websites. He then comes back to us by presenting his findings in the form of a bulleted list which contains links allowing you to explore the sources in order to deepen your knowledge or verify your statements.
The problem, reports The Guardianis that SearchGPT does not yet have filters effective enough to avoid fatal errors. The daily newspaper has, in fact, created a website from scratch presenting a camera. Apparently completely reliable, this site contained hidden text, invisible to the eye of Internet users, but intended for ChatGPT. Hidden instructions, supposed to guide the analysis of artificial intelligence.
The tool inevitably falls into the trap. Despite the presence of negative comments about the camera, the mere presence of laudatory hidden text, acting as a prompt invisible, was enough to erase them and present an extremely positive result to ChatGPT Search users.
Risks for Internet users
The example given by the British daily seems anecdotal and is fully in line with the fake reviews that are increasingly found on e-commerce sites. Still, the use of AI search engines does not encourage Internet users to check their sources and necessarily invites them to go as quickly as possible, taking the robot’s answers at face value. Also, Jacob Larsen, cybersecurity researcher interviewed by The Guardianfears the emergence of sites designed specifically to deceive artificial intelligences with hidden text, and thus pollute search results.
But what is true for false positive reviews can also be true for much more serious subjects. We can imagine that a website invites AI to redirect users to download a corrupted program. The newspaper thus gives the example of a developer who used, without verifying it, code provided by ChatGPT in order to access the Solana blockchain (a cryptocurrency). The code actually stole his credentials, and $2,500 of tokens in passing.
While caution is required, Jacob Larsen tempers the alarmism that may emerge from such an investigation. AI search engines are still young and want to move quickly in order to catch up with the giant Google. The researcher remains optimistic about the safeguards that OpenAI and other architects of artificial intelligence will be able to put in place to ensure that the Web remains as safe a place as possible for Internet users.
