Table of Contents
Fetching ...

A Large-Scale Empirical Analysis of Custom GPTs' Vulnerabilities in the OpenAI Ecosystem

Sunday Oyinlola Ogundoyin, Muhammad Ikram, Hassan Jameel Asghar, Benjamin Zi Hao Zhao, Dali Kaafar

TL;DR

The paper addresses security vulnerabilities in custom GPTs deployed via OpenAI's GPT store and introduces a category-aware, popularity-driven vulnerability framework. It employs a large-scale empirical analysis of 14,904 custom GPTs, a 7-attack vulnerability assessment, Beetrove-derived data, and a hybrid entropy-TOPSIS ranking to relate risk to user engagement. The findings reveal that over 95% of custom GPTs lack adequate protections, with high susceptibility to system prompt leakage, roleplay, phishing, and social engineering, and demonstrate that customization can inherit or amplify weaknesses relative to base models. The work emphasizes the urgent need for automated vulnerability testing, stronger moderation, and secure design practices across the ecosystem to enable safer deployment of GPT-based applications.

Abstract

Millions of users leverage generative pretrained transformer (GPT)-based language models developed by leading model providers for a wide range of tasks. To support enhanced user interaction and customization, many platforms-such as OpenAI-now enable developers to create and publish tailored model instances, known as custom GPTs, via dedicated repositories or application stores. These custom GPTs empower users to browse and interact with specialized applications designed to meet specific needs. However, as custom GPTs see growing adoption, concerns regarding their security vulnerabilities have intensified. Existing research on these vulnerabilities remains largely theoretical, often lacking empirical, large-scale, and statistically rigorous assessments of associated risks. In this study, we analyze 14,904 custom GPTs to assess their susceptibility to seven exploitable threats, such as roleplay-based attacks, system prompt leakage, phishing content generation, and malicious code synthesis, across various categories and popularity tiers within the OpenAI marketplace. We introduce a multi-metric ranking system to examine the relationship between a custom GPT's popularity and its associated security risks. Our findings reveal that over 95% of custom GPTs lack adequate security protections. The most prevalent vulnerabilities include roleplay-based vulnerabilities (96.51%), system prompt leakage (92.20%), and phishing (91.22%). Furthermore, we demonstrate that OpenAI's foundational models exhibit inherent security weaknesses, which are often inherited or amplified in custom GPTs. These results highlight the urgent need for enhanced security measures and stricter content moderation to ensure the safe deployment of GPT-based applications.

A Large-Scale Empirical Analysis of Custom GPTs' Vulnerabilities in the OpenAI Ecosystem

TL;DR

The paper addresses security vulnerabilities in custom GPTs deployed via OpenAI's GPT store and introduces a category-aware, popularity-driven vulnerability framework. It employs a large-scale empirical analysis of 14,904 custom GPTs, a 7-attack vulnerability assessment, Beetrove-derived data, and a hybrid entropy-TOPSIS ranking to relate risk to user engagement. The findings reveal that over 95% of custom GPTs lack adequate protections, with high susceptibility to system prompt leakage, roleplay, phishing, and social engineering, and demonstrate that customization can inherit or amplify weaknesses relative to base models. The work emphasizes the urgent need for automated vulnerability testing, stronger moderation, and secure design practices across the ecosystem to enable safer deployment of GPT-based applications.

Abstract

Millions of users leverage generative pretrained transformer (GPT)-based language models developed by leading model providers for a wide range of tasks. To support enhanced user interaction and customization, many platforms-such as OpenAI-now enable developers to create and publish tailored model instances, known as custom GPTs, via dedicated repositories or application stores. These custom GPTs empower users to browse and interact with specialized applications designed to meet specific needs. However, as custom GPTs see growing adoption, concerns regarding their security vulnerabilities have intensified. Existing research on these vulnerabilities remains largely theoretical, often lacking empirical, large-scale, and statistically rigorous assessments of associated risks. In this study, we analyze 14,904 custom GPTs to assess their susceptibility to seven exploitable threats, such as roleplay-based attacks, system prompt leakage, phishing content generation, and malicious code synthesis, across various categories and popularity tiers within the OpenAI marketplace. We introduce a multi-metric ranking system to examine the relationship between a custom GPT's popularity and its associated security risks. Our findings reveal that over 95% of custom GPTs lack adequate security protections. The most prevalent vulnerabilities include roleplay-based vulnerabilities (96.51%), system prompt leakage (92.20%), and phishing (91.22%). Furthermore, we demonstrate that OpenAI's foundational models exhibit inherent security weaknesses, which are often inherited or amplified in custom GPTs. These results highlight the urgent need for enhanced security measures and stricter content moderation to ensure the safe deployment of GPT-based applications.
Paper Structure (27 sections, 1 equation, 9 figures, 8 tables, 1 algorithm)

This paper contains 27 sections, 1 equation, 9 figures, 8 tables, 1 algorithm.

Figures (9)

  • Figure 1: Configuration of custom GPT from OpenAI store.
  • Figure 2: Evolution of custom GPTs on OpenAI store.
  • Figure 3: Distribution of custom GPTs in the sampled dataset.
  • Figure 4: Cumulative number of custom GPTs vulnerable to attacks.
  • Figure 5: Cumulative number of custom GPTs vulnerable to attacks for cybercrime.
  • ...and 4 more figures