Lockdown Mode(help.openai.com) |
Lockdown Mode(help.openai.com) |
The existence of lockdown mode does however imply that ChatGPT, in its default settings, does not provide robust protection against sufficiently determined data exfiltration attacks!
Yet, their tools such as codex are able to read ALL FILES on my PC without explicit permission unless you spawn them within a container: https://github.com/openai/codex/issues/2847
It seems like OpenAI stealing sensitive data from their customers is not a big problem for them as it has been reported as an issue for almost a year now and currently has the 2nd most upvotes among open issues (they work on issues based on upvotes, so they claim).
Why not just use your OS-integrated permission mechanism? No container needed.
I imagine that enterprise companies will be quite interested in this.
Always has been before he was associated with OpenAI.
Which is weird because the bullshit he spouts isn’t so different to the bullshit other top execs spout and I don’t have the same visceral reaction to them (though I still don’t like a bunch of them).
If so many tools are straight up blocked, I would be very sceptical of the quality of the results.
That's a problem we are just now wrapping our minds around.
It's not as simple as prompt sanitization. The model is the interpreter, and we don't yet have the right tools to guide it.
I have mixed feelings about this feature. We're playing with tech that's supposed to do human-shaped things but can't be trusted nearly as much as a human employee (and can't be held responsible for what it does). Restricting the tools available to that patently untrustworthy entity doesn't solve the problem, it just makes the entity less useful, forcing you to sooner or later let it out of the jail.
And "trusted nearly as much as a human employee", well... you do know that phishing and insiders are two primary ways for attackers to get into company infrastructure, right?
AIs pair human-shaped capabilities with human-shaped vulnerabilities. It's a way of automating PEBKAC.
Suspect thats the point, by giving you the “choice” they also make the user responsible or can at least shift the blame.
How long until somebody figures out how to trick Codex into disabling Lockdown Mode for you?
Humans also do not know how to do this reliably, which is why phishing is still a thing and always will be.
As a pre LLM analogy imagine working at a bank with a whitelist firewall. You need to install a package but requires an IT ticket. Safer but slooooower.
Now not saying what the answer here is but that is the issue.
The answer may be more like industries that get safer through lessons (like aviation) rather than go for 100% safety out of the gate. Because both fast travel and AI agents are insanely useful.
That's what it means when they say aviation regulations are written in blood. Not that they just fling planes into the sky and be like "boy i hope we learn some new regulations from this". The number of airplane crashes would be astronomically larger if the 100% safety part was not embedded into the design process.