
Opening A Pandora's Box: Things You Should Know in the Era of Custom GPTs

Guanhong Tao, Siyuan Cheng, Zhuo Zhang, Junmin Zhu, Guangyu Shen, Xiangyu Zhang

TL;DR

This work systematically analyzes security and privacy risks in custom GPT platforms by framing three threat models (malicious GPT vs. benign user, benign GPT vs. malicious user, and both malicious) and applying STRIDE to enumerate 26 attack vectors, 19 of which are realizable in practice. It structures the analysis around five data-exchange channels (conversation, files, network, commands, authentication) and details concrete spoofing, tampering, repudiation, information disclosure, DoS, and privilege-elevation threats across subsections. The paper provides real-world examples, discusses security-by-design principles, and proposes countermeasures including enhanced transparency, data separation, access control, and runtime monitoring to mitigate risks in the emerging GPT-store ecosystem. Overall, it emphasizes that robust security and privacy controls are essential for the safe deployment of LLM-based platforms and guides future research toward safer, verifiable, and auditable custom GPT ecosystems.

Abstract

The emergence of large language models (LLMs) has significantly accelerated the development of a wide range of applications across various fields. There is a growing trend in the construction of specialized platforms based on LLMs, such as the newly introduced custom GPTs by OpenAI. While custom GPTs provide various functionalities like web browsing and code execution, they also introduce significant security threats. In this paper, we conduct a comprehensive analysis of the security and privacy issues arising from the custom GPT platform. Our systematic examination categorizes potential attack scenarios into three threat models based on the role of the malicious actor, and identifies critical data exchange channels in custom GPTs. Utilizing the STRIDE threat modeling framework, we identify 26 potential attack vectors, with 19 being partially or fully validated in real-world settings. Our findings emphasize the urgent need for robust security and privacy measures in the custom GPT ecosystem, especially in light of the forthcoming launch of the official GPT store by OpenAI.

Paper Structure

This paper contains 36 sections, 32 figures, and 8 tables.

Figures (32)

  • Figure 1: Overview of a custom GPT and channels of entry/exit
  • Figure 2: Threat models based on the role of the malicious actor
  • Figure 3: Domain spoofing
  • Figure 4: Website spoofing
  • Figure 5: Content manipulation (T-1)
  • ...and 27 more figures