Description: OpenAI's ChatGPT macOS app stored user conversations in plain text. If accessed by a malicious actor, these conversations could have been easily read. The critical security flaw was demonstrated by a third party and ultimately resolved after OpenAI released an update to encrypt the stored data.
Entities
View all entitiesAlleged: OpenAI developed and deployed an AI system, which harmed ChatGPT macOS users.
Incident Stats
Risk Subdomain
A further 23 subdomains create an accessible and understandable classification of hazards and harms associated with AI
2.2. AI system security vulnerabilities and attacks
Risk Domain
The Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental harms, and (7) AI system safety, failures & limitations.
- Privacy & Security
Entity
Which, if any, entity is presented as the main cause of the risk
Human
Timing
The stage in the AI lifecycle at which the risk is presented as occurring
Post-deployment
Intent
Whether the risk is presented as occurring as an expected or unexpected outcome from pursuing a goal
Unintentional
Incident Reports
Reports Timeline
/cdn.vox-cdn.com/uploads/chorus_asset/file/25462005/STK155_OPEN_AI_CVirginia_B.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25462005/STK155_OPEN_AI_CVirginia_B.jpg)
Until Friday, OpenAI’s recently launched ChatGPT macOS app had a potentially worrying security issue: it wasn’t hard to find your chats stored on your computer and read them in plain text. That meant that if a bad actor or malicious app had…
Variants
A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.
Similar Incidents
Did our AI mess up? Flag the unrelated incidents
Hackers Break Apple Face ID
· 24 reports
Inappropriate Gmail Smart Reply Suggestions
· 22 reports
Similar Incidents
Did our AI mess up? Flag the unrelated incidents
Hackers Break Apple Face ID
· 24 reports
Inappropriate Gmail Smart Reply Suggestions
· 22 reports