In the WebRTC example code, https://platform.openai.com/docs/guides/realtime#connect-with-webrtc, datachannel object is exposed.
const dc = pc.createDataChannel("oai-events");
In https://platform.openai.com/docs/guides/realtime-conversations#session-lifecycle-events,
const event = {
type: "session.update",
session: {
instructions: "Never use the word 'moist' in your responses!"
},
};
// WebRTC data channel and WebSocket both have .send()
dataChannel.send(JSON.stringify(event));
we can use the data channel to send a session update request event to update the instructions.
Does this mean the user of the application can abuse and update the instructions to their benefits?
E.g. when using realtime api to implement an interview app, AI model is the interviewer and
the user is the interviewee. The AI model is given some instructions on how to conduct the interview and what are the questions to ask and what the ideal answers are. When the interviewee is using the app, will the user be able to send the session update event to manipulate the instructions?
I am a backend engineer and my understanding is that any object in the frontend code is exposed to end user and can be manipulated.
I just tried with the example repo GitHub - openai/openai-realtime-console: React app for inspecting, building and debugging with the Realtime API
and I am able to put a breakpoint to the frontend code and do a dc.send(JSON.stringify(event)) call in the browser console to completely override the instructions of the model, and let the agent to do a completely different thing than what the original instructions is trying to do.