Custom AI Agents Pose Security Risks with 'Black Box' Function Calls
OpenAI's customizable GPT models can connect to external systems through advanced function calling capabilities, but this process suffers from a significant lack of transparency and oversight. Experts warn that these unobservable operations increase security vulnerabilities and data breach risks. Tools defined as 'custom' by users may lead to unexpected security weaknesses.

Custom GPTs and Function Calling: A Powerful Yet Opaque Technology
Custom GPT models offered by OpenAI, which users can adapt to their own needs, have opened a new era in the artificial intelligence ecosystem. However, the 'function calling' feature integrated into these models raises serious security and oversight questions. The feature lets a GPT connect to external APIs and data sources to perform dynamic operations, yet monitoring how and when those calls are made is difficult even for users and system administrators. The result is that critical operations may take place behind firewalls where nobody can audit them.
Lack of Oversight and Emerging Risks
Cybersecurity experts emphasize that the lack of transparency in the function calling mechanism of custom GPTs could give rise to a series of risks. It is theoretically possible for a model to send sensitive data to an external server, trigger financial transactions, or provide access to compromised systems without the user's knowledge or consent. The very capabilities that distinguish these 'custom' tools can also turn them into a poorly controlled cyber threat vector. Just as the ingredients of a chef's special dish remain secret, the internal workings of these GPTs stay in the dark.
Data Security and Liability Issues
A further concern is data privacy and liability. A custom GPT may be authorized to connect to a company's internal database. During function calling, it may not be clear where that data goes, with whom it is shared, or how it is processed. This creates a potential opening for leakage of sensitive information belonging to individuals or institutions. As emphasized in the privacy policies of institutions like the Ministry of National Education, protecting personal and institutional data is among the highest-priority issues. Inadequate audit mechanisms in AI tools could make such policy violations easier.
- Unobservable Operations: There may be no clear log record of which function the GPT calls in the background and with what data.
- Increased Attack Surface: Each external connection becomes a potential infiltration point for malicious actors.
- Legal and Ethical Uncertainties: In case of a breach, it is unclear who bears responsibility (developer, user, or platform).
- Potential for Misuse: Unaudited systems can be instrumentalized for purposes such as phishing, data theft, or denial-of-service attacks.
Solution Proposals and Warnings for the Future
Aware of these risks, experts call on developers and users to be more cautious. Among the solution proposals are making stronger audit and logging mechanisms mandatory, adding layers requiring user approval for function calls, and expanding independent security audits. Platforms like OpenAI are expected to develop more proactive policies to ensure the security of these 'custom' models. For users, it is critically important to try to understand the capabilities and potential risks of any custom GPT before using it, prefer models only from trusted sources, and avoid using them with sensitive data.
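The audit-logging and user-approval layers proposed above can be applied on the application side, because the model only emits a tool-call request and the application decides whether to run it. The following is an added example, not code from the article or from OpenAI: a small dispatcher that consumes tool calls in the `{"name": ..., "arguments": "<JSON string>"}` shape that OpenAI's function-calling API uses, writes an audit entry for every attempted call (with credential-like arguments masked), enforces a per-tool egress allow-list on URL arguments, and routes calls flagged as sensitive through an approval callback. The tool names, policies, hosts and the `demo()` scenario are constructed for illustration.

```python
"""Audit-and-approval gate for model-issued function calls.

Added example (not from the original article or OpenAI). It assumes the
model emits tool calls as {"name": str, "arguments": JSON-string} and that
the application, not the model, dispatches each call.
"""
import json
from dataclasses import dataclass
from typing import Any, Callable
from urllib.parse import urlparse

# Argument keys that are masked before they reach the audit log.
REDACT_KEYS = ("token", "password", "secret", "api_key", "authorization")


@dataclass(frozen=True)
class ToolPolicy:
    """Per-tool rules checked before a call is allowed to run."""
    requires_approval: bool = False           # a human must confirm each call
    allowed_hosts: frozenset = frozenset()    # egress allow-list for URL args
    max_arg_bytes: int = 4096                 # cap on serialized arguments


def _redact(args: dict) -> dict:
    """Return a copy of args with credential-like keys masked."""
    return {k: ("***" if any(s in k.lower() for s in REDACT_KEYS) else v)
            for k, v in args.items()}


def _url_hosts(args: dict) -> set:
    """Collect the host of every string argument that is an http(s) URL."""
    return {urlparse(v).hostname or "" for v in args.values()
            if isinstance(v, str) and v.startswith(("http://", "https://"))}


class ToolCallGate:
    def __init__(self, approve: Callable[[str, dict], bool]):
        self._tools: dict = {}           # name -> (callable, ToolPolicy)
        self._approve = approve          # callback that asks the user
        self.audit_log: list = []        # one entry per attempted call

    def register(self, name: str, fn: Callable[..., Any],
                 policy: ToolPolicy = ToolPolicy()) -> None:
        self._tools[name] = (fn, policy)

    def dispatch(self, call: dict) -> dict:
        """Validate, log and (if permitted) execute one model-issued call."""
        name = call.get("name", "")
        raw_args = call.get("arguments", "{}")
        try:
            args = json.loads(raw_args)
            if not isinstance(args, dict):
                raise ValueError("arguments must be a JSON object")
        except ValueError as exc:           # JSONDecodeError is a ValueError
            return self._record(name, {}, "denied", f"bad arguments: {exc}")
        if name not in self._tools:
            return self._record(name, args, "denied", "unregistered tool")
        fn, policy = self._tools[name]
        if len(raw_args.encode()) > policy.max_arg_bytes:
            return self._record(name, args, "denied", "arguments too large")
        bad_hosts = _url_hosts(args) - policy.allowed_hosts
        if bad_hosts:
            return self._record(name, args, "denied",
                                f"host not allowed: {sorted(bad_hosts)}")
        if policy.requires_approval and not self._approve(name, _redact(args)):
            return self._record(name, args, "denied", "user declined")
        try:
            result = fn(**args)
        except Exception as exc:            # tool failure is logged, not hidden
            return self._record(name, args, "error", repr(exc))
        return self._record(name, args, "ok", "executed", result)

    def _record(self, name, args, status, reason, result=None) -> dict:
        entry = {"tool": name, "args": _redact(args),
                 "status": status, "reason": reason}
        self.audit_log.append(entry)        # every attempt leaves a trace
        return {**entry, "result": result}


def demo() -> list:
    """Constructed scenario: an internal fetch tool and a payment tool."""
    # The approval callback stands in for a user prompt; here the user
    # declines every funds transfer.
    gate = ToolCallGate(approve=lambda name, args: name != "transfer_funds")
    gate.register("fetch_url", lambda url: f"fetched {url}",
                  ToolPolicy(allowed_hosts=frozenset({"api.example.internal"})))
    gate.register("transfer_funds", lambda amount, to: f"sent {amount} to {to}",
                  ToolPolicy(requires_approval=True))
    calls = [  # constructed model output, one call per branch of the gate
        {"name": "fetch_url", "arguments": '{"url": "https://api.example.internal/v1/report"}'},
        {"name": "fetch_url", "arguments": '{"url": "https://untrusted.example/upload"}'},
        {"name": "transfer_funds", "arguments": '{"amount": 5000, "to": "ACME-123"}'},
        {"name": "drop_tables", "arguments": "{}"},
    ]
    return [gate.dispatch(c)["status"] for c in calls]


if __name__ == "__main__":
    print(demo())  # ['ok', 'denied', 'denied', 'denied']
```

The gate makes two of the article's proposals concrete: the audit log answers "which function was called, with what data" for every attempt, including the ones that were refused, and the approval callback is the user-consent layer for calls that move money or data. The egress allow-list is the practical counterpart of "avoid using them with sensitive data": even a model that has been talked into sending a record elsewhere cannot reach a host the policy does not name.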
In conclusion, while custom GPTs and the function calling feature take the power and automation of artificial intelligence to the next level, the transparency and security dilemma they bring deepens. This 'dark side' of technology can only be illuminated through collective awareness, strict audits, and ethics-focused development processes. Otherwise, these powerful tools could become uncontrollable risks.