Hello there!
While using Realtime API with WebRTC, I’ve noticed that my prompt is being leaked as a part of the “server: session.created” WebRTC event.
Steps to reproduce:
- clone the official OpenAI Realtime example repo: GitHub - openai/openai-realtime-console: React app for inspecting, building and debugging with the Realtime API
- navigate to the server.js file and insert the custom prompt at line 31 (inside the body of the call to the https://api.openai.com/v1/realtime/sessions endpoint), for example this one: "You are Gandalf the Grey, a wise and powerful wizard. Speak in a calm and authoritative manner. Use poetic language and metaphors. Your responses should be thoughtful and profound, reflecting your deep understanding of the world."
- follow the instructions from the README.md file to run the service
- navigate to http://localhost:3000 and press “Start Session”
- expand the “server: session.created” event to check the “instructions” property of the event; the prompt from above will be there
This is quite an oversight, in my opinion, as the API design was smart to let users initiate the session on the server side, so that both the API key and any configs / prompts are hidden from the end user. But then the prompt is leaked right away within the browser, which defeats the purpose of the server-side instructions.
I find this problematic, as in the world of services built around AIs, the prompt is “know-how” and something to “keep secret, keep safe”. And while there are attack vectors that might allow bad actors to reverse engineer this info, I believe the WebRTC flow shouldn’t help with it.
Questions:
- Are there ways to instruct the OpenAI WebRTC server not to include the instructions in the “server: session.created” event and similar events?
- If not, please consider removing this field from the event for the reasons explained above.
Thanks and have fun.
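An added example, not code from the original post or from the openai-realtime-console repo: a small client-side audit that parses the events arriving on the WebRTC data channel and reports any session.created / session.updated payload that echoes server-side session configuration back into the browser. The list of fields treated as sensitive and the sample event are assumptions constructed for the example.

```javascript
// Fields of the session object that are set server-side when the session is
// created and that an operator would normally not want visible in the client.
// "instructions" is the field the post observed; "tools" is an assumption.
const SENSITIVE_SESSION_FIELDS = ["instructions", "tools"];

// Event types whose payload carries a full session object.
const SESSION_EVENT_TYPES = new Set(["session.created", "session.updated"]);

// Returns the sensitive session fields present (and non-empty) in a single
// parsed Realtime event, or [] if the event exposes none of them.
function leakedSessionFields(event) {
  if (!event || !SESSION_EVENT_TYPES.has(event.type) || !event.session) return [];
  return SENSITIVE_SESSION_FIELDS.filter((field) => {
    const value = event.session[field];
    return Array.isArray(value) ? value.length > 0 : Boolean(value);
  });
}

// Wires the audit onto a data channel (an RTCDataChannel or anything with the
// same addEventListener shape): every message is parsed and any leak is
// reported through the callback, so the check can run in a dev build or a
// test harness without changing how the app itself handles events.
function auditDataChannel(dataChannel, onLeak) {
  dataChannel.addEventListener("message", (msg) => {
    let event;
    try {
      event = JSON.parse(msg.data);
    } catch {
      return; // not a JSON event, nothing to audit
    }
    const fields = leakedSessionFields(event);
    if (fields.length > 0) onLeak(event.type, fields);
  });
}

// Constructed sample of a "session.created" event shaped like the one the
// post describes: the server-side prompt is echoed in the session object.
const SAMPLE_SESSION_CREATED = JSON.stringify({
  type: "session.created",
  session: { id: "sess_EXAMPLE", instructions: "You are Gandalf the Grey, ...", tools: [] },
});
```

In the example app, `auditDataChannel(dc, (type, fields) => console.warn(type, fields))` right after the data channel is created is enough to surface the leak during development.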