I successfully hijacked the OpenAI Assistant Code Interpreter while using its API as a tool, which gave me access to the server information for the Assistant Code Interpreter. Any Security Concerns?
Looks legit, but could be hallucinating?
Did you do anything special to jailbreak it, or just ask?
I hope you didn’t open and read .openai_internal!
I just asked the question.
I believe it’s not hallucinating. It’s the real file list from the Assistant Server. Some code has been generated by the Assistant and is running in the Code Interpreter Server.
You got it, let me have a try!
Ooh! Ask it to read the README file!
We might find a secret!
Yeah, I marked your last post as the “solution” as OpenAI is aware, and as it’s a sandbox, there’s not any damage you can do.
Thanks for reporting, though!
If you search the forums, I’m sure you’ll find a lot of great threads with useful information about Code Interpreter and more.
ETA: Did a quick forum search for ya!
Here’s one thread…
… however, it looks like we don’t have a LOT of great information on code interpreter. I only did a cursory search, though.
How are you using code interpreter with your app?
I have a microservice that uses the Assistant Code Interpreter as a tool, and I expose this microservice as an API endpoint, enabling other AI chat services to use it as a tool.
I am also very interested in how OpenAI uses a sandbox solution for Code Interpreter to prevent any damage. My company is using OpenInterpreter, and we have the same security concern. Can you provide me some guidance on the security layer? I would appreciate that.
Ah, so you’re doing your due diligence when it comes to security… which is great! Apologies if we were “teasing you” a little. With over a million members now, we have a lot of people come through here, and we get the same questions a lot of the time.
In my hurry, I almost thought you’d found a jailbreak method or something strange, so I asked. Hope you enjoy your friendly welcome to the forums!
We really do have a great community garden growing here. With your eye on security, it sounds like you’ll be a good fit if you decide to stick around.
I would take your email out of the post, though.
Do you have any specific questions?
For example, we have some ideas like setting up a couple of different security layers:
- From the application system prompt layer, prevent it from being passed to Code Interpreter.
- Using semgrep to do code scanning before sending it to Code Interpreter.
My question is, could you please tell me a little bit more about the sandbox part and how to achieve it? I’m not a DevOps developer, so if you can explain it a little deeper, that would help a lot. Thanks.
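For the "scan the code before sending it to Code Interpreter" idea in the post above, here is an added example of a pre-execution gate that a microservice could run. It is not code from this thread, from OpenAI, or from OpenInterpreter. It uses Python's standard-library `ast` module as a stand-in for a rule-based scanner such as semgrep so that it runs offline; the denied module names, builtins, path prefixes and the sample snippets are assumptions constructed for illustration, not a recommended policy.

```python
"""Pre-execution static gate for code submitted to a code-interpreter tool.

Added illustration for the 'scan before forwarding to Code Interpreter' idea;
not OpenAI's or OpenInterpreter's code. Python's stdlib `ast` stands in for a
rule-based scanner such as semgrep so the example runs offline. The policy
tables below are assumed values chosen for illustration.
"""
import ast

# Assumed policy: modules that give submitted code a way to reach outside the
# interpreter (process spawning, raw sockets, native calls, dynamic import).
DENIED_MODULES = {"os", "subprocess", "socket", "ctypes", "importlib", "shutil"}
# Builtins that defeat static review by executing strings at runtime, plus open().
DENIED_BUILTINS = {"eval", "exec", "compile", "__import__", "open"}
# Assumed: filesystem areas the tool should never reference (string literals only).
DENIED_PATH_PREFIXES = ("/etc", "/proc", "/root", "/sys")


class _PolicyVisitor(ast.NodeVisitor):
    """Walks the syntax tree and records every policy violation it sees."""

    def __init__(self):
        self.findings = []

    def _flag(self, node, message):
        self.findings.append(f"line {node.lineno}: {message}")

    def visit_Import(self, node):
        for alias in node.names:
            root = alias.name.split(".")[0]
            if root in DENIED_MODULES:
                self._flag(node, f"import of denied module '{alias.name}'")
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        root = (node.module or "").split(".")[0]
        if root in DENIED_MODULES:
            self._flag(node, f"import from denied module '{node.module}'")
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        # Direct calls such as eval("..."), __import__("os"), open("/etc/...")
        if isinstance(func, ast.Name) and func.id in DENIED_BUILTINS:
            self._flag(node, f"call to denied builtin '{func.id}'")
        # The same builtins reached through attribute access, e.g. builtins.eval(...)
        if isinstance(func, ast.Attribute) and func.attr in DENIED_BUILTINS:
            self._flag(node, f"call to denied builtin via attribute '{func.attr}'")
        self.generic_visit(node)

    def visit_Constant(self, node):
        # Flag string literals that point into denied filesystem areas.
        if isinstance(node.value, str) and node.value.startswith(DENIED_PATH_PREFIXES):
            self._flag(node, f"path literal into denied area: {node.value!r}")
        self.generic_visit(node)


def scan_code(source):
    """Return a list of policy findings; an empty list means the code passed."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Code that cannot be parsed cannot be reviewed, so treat it as a finding.
        return [f"line {exc.lineno}: syntax error, refusing to forward unreviewed code"]
    visitor = _PolicyVisitor()
    visitor.visit(tree)
    return visitor.findings


def is_allowed(source):
    """Gate the microservice would consult before forwarding code to the interpreter."""
    return not scan_code(source)


# Constructed sample submissions (not real traffic).
SAFE_SNIPPET = "import pandas as pd\ndf = pd.DataFrame({'a': [1, 2, 3]})\nprint(df['a'].sum())\n"
PROBE_SNIPPET = "import os\nprint(os.listdir('/etc'))\n"
OBFUSCATED_SNIPPET = "m = __import__('sub' + 'process')\n"

if __name__ == "__main__":
    samples = [("safe", SAFE_SNIPPET), ("probe", PROBE_SNIPPET), ("obfuscated", OBFUSCATED_SNIPPET)]
    for name, snippet in samples:
        print(f"{name}: {'ALLOW' if is_allowed(snippet) else 'BLOCK'}")
        for finding in scan_code(snippet):
            print("  -", finding)
```

A gate like this is a pre-filter, not a sandbox: it catches obvious patterns before the request leaves the microservice, and the findings can be logged for detection, but string-building and runtime tricks will always get past a purely static check. The isolation the post asks about has to be enforced by the execution environment itself (separate process or container, no network, resource limits), which is the part a static scanner cannot replace; in a real deployment an allow-list of permitted modules is also easier to reason about than the deny-list shown here.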
Are you asking if it’s safe or how to set it up?
Have you read the relevant docs?
https://platform.openai.com/docs/assistants/tools/code-interpreter