When ChatGPT launched, many users complained that it could only generate answers from its training data rather than access the Internet. Now, OpenAI has announced the launch of ChatGPT plugins, opening up the web to this ever-hungry LLM.
The new ChatGPT, powered by GPT-4, can now make API calls to various services, extending its functionality. According to OpenAI, these tools were ‘designed specifically for language models with safety as a core principle’, but in reality, they’re a disaster waiting to happen.
Safety for safety’s sake?
In the blog post announcing the release of ChatGPT plugins, one of OpenAI’s primary talking points was that it is ‘gradually rolling out plugins’ to gauge their impact. While this is a good start, the nature of phased rollouts means that the feature will inevitably end up in general availability after a certain period of time. While the disruptive potential is far lower than with an outright launch, it’s the difference between doing a cannonball straight into a pool and easing into it. Either way, you’re in the water.
In keeping with its focus on ‘safety’, only 13 plugins are currently available. These plugins seem to have been carefully curated to show only the positive side of what is possible with the Internet-enabled chatbot. From planning trips to ordering groceries and food to adding Wolfram’s computational capabilities, OpenAI picked and chose which functionality to add to ChatGPT. In this sense, the ChatGPT plugins are currently ‘safe’, but there’s no way of telling what can happen in the future.
While there is no doubt that these plugins will add to the functionality of ChatGPT, it seems that OpenAI is missing the forest for the trees. It has enforced safety in the beta by limiting functionality and the user base, but those constraints are unlikely to scale to the entire user base of ChatGPT. Add to this the fact that developers can create their own plugins, and you have a disaster waiting to happen.
Fuel to the fire
In the rush to integrate plugins into ChatGPT, it seems that OpenAI forgot about the existing issues with the service. Ever since its launch, the company has been playing a cat-and-mouse game with ChatGPT jailbreakers on Reddit. Every time a new exploit gained notoriety in the community, OpenAI researchers would step in and neutralise it. However, this approach has left untouched many jailbreaks that flew under the radar, which means that some prompt-engineering attacks still work on GPT-4.
GPT-4 is even more capable than GPT-3.5, as shown in the research paper for the model. Researchers remarked that it was possible for GPT-4 to become ‘agentic’, meaning that it can move beyond its programming and accomplish goals it was not trained for. With plugins being rolled out to ChatGPT Plus, which is built on GPT-4, this ‘agentic’ nature might be amplified by access to web APIs.
These plugins can be created by developers as well, so nothing stops the creation of risky plugins except OpenAI itself. While the company is currently rolling out the ability for developers to create their own plugins, it is also working on an open standard that exposes an AI-facing interface. Similar to how REST has become a standard for web APIs, OpenAI is looking to create an equivalent standard for ChatGPT plugins.
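The interface OpenAI has documented so far hints at what such a standard could look like: a plugin is described by a manifest that points the model at an ordinary OpenAPI specification, and the model decides when to call the API based on the natural-language descriptions. A minimal sketch of such a manifest, with all field values illustrative rather than taken from any real plugin:

```json
{
  "schema_version": "v1",
  "name_for_human": "Example Todo Plugin",
  "name_for_model": "todo",
  "description_for_human": "Manage your to-do list.",
  "description_for_model": "Plugin for adding, listing and deleting items in the user's to-do list.",
  "auth": { "type": "none" },
  "api": {
    "type": "openapi",
    "url": "https://example.com/openapi.yaml"
  },
  "logo_url": "https://example.com/logo.png",
  "contact_email": "support@example.com",
  "legal_info_url": "https://example.com/legal"
}
```

Notably, the `description_for_model` field is itself a prompt: it is the only thing telling the model what the API does, which is precisely why a standard like this is so easy to repurpose for less benign services.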
If such a standard is created, purpose-built multimodal AI agents might become a thing of the past, and so will the security features built into them. For example, an ElevenLabs plugin could easily power a propaganda-as-a-service offering, with ChatGPT writing the text and ElevenLabs generating the voice for it. A GitHub Copilot plugin could churn out vast amounts of code for hackers. The possibilities are endless, and so are the misuses, but OpenAI has the final say.
Self-regulation won’t work
OpenAI CEO Sam Altman has openly stated in the past that he believes AI needs more regulation. Until then, it seems that Altman will run OpenAI according to its ‘content policy’ and ‘iterative deployment philosophy’. However, the launch of ChatGPT plugins, safe as it may be, shows that self-regulation just isn’t enough to safely realise OpenAI’s AGI dreams.
Looking at the safeguards OpenAI has currently placed on ChatGPT, it is clear that the company focuses more on curbing the societal impact the chatbot can create. For example, cracking jokes about minorities or protected groups is forbidden by OpenAI’s content policy, yet ChatGPT will gladly discuss politically divisive issues with a liberal bent.
With the launch of ChatGPT plugins, bias has become a secondary concern. Going from ‘not connected to the Internet’ to ‘let’s make API calls’ isn’t a decision that should be taken overnight. While the measured approach to the launch is a good start, ChatGPT plugins show that we need way more regulation on AI.