
They are saying that client-side only "ACL" is sloppy and that could be an indication of even more internal slop (of which title-leak may be another symptom).


I suspect it was a deliberate decision not to ACL plugins.

They let anyone create and use one after all.

The only reason approval exists at all is so users aren't tricked into running low quality or spammy plugins.

You could consider this similar to someone revealing that lots of apps banned from app stores are available on other websites and one could write the headline "banned app leaks onto apkmirror.com, is google security compromised?"


> The only reason approval exists at all is so users aren't tricked into running low quality or spammy plugins.

Really? Allowing the suppliers of plugins to verify that ChatGPT understands the descriptions and uses them as expected (especially for ones which perform actions beyond data retrieval) before releasing them into the wild as intermediaries between users and the systems exposed by them isn’t part of that?


No, you could consider this similar to someone revealing that lots of apps banned from app stores are available on the same app stores that they’re banned from, which, yeah, looks a bit dodgy.


Nope, banned is banned - this is exactly like “someone has found a way to distribute a certificate to allow you to install an in-review app from the App Store, it might be rejected later though”


Whether something is a security problem or not requires a threat model and a notion of what the appropriate functioning of the system is. For all we know, OpenAI intended to release these plug-ins this way, sort of like those bars that require a "secret password" to create a sense of mystery.

As an external observer, all I can say is controlling access to plug-ins via client side validation was an unusual choice and it makes me worried they made the same unusual choice elsewhere to protect data I care about.
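Added example (not from this thread and not OpenAI's code) contrasting the two designs the comment above weighs: a plugin registry whose only gate is a flag the client is expected to honour, beside one where the server re-checks approval on every invocation. The registry, plugin names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

@dataclass(frozen=True)
class Plugin:
    plugin_id: str
    approved: bool          # review/approval status held by the server

# Constructed sample registry; plugin names are illustrative only.
PLUGINS: Dict[str, Plugin] = {
    "weather": Plugin("weather", approved=True),
    "unreviewed-notes": Plugin("unreviewed-notes", approved=False),
}

def list_plugins_for_client() -> List[dict]:
    """The catalogue as a UI-only 'ACL' design ships it: every plugin, with a
    flag the client is expected to use to hide the unapproved ones."""
    return [{"id": p.plugin_id, "approved": p.approved} for p in PLUGINS.values()]

def invoke_client_gated(plugin_id: str, client_claims_approved: bool) -> str:
    """Weak design: the server trusts the client's filtering decision."""
    if plugin_id not in PLUGINS:
        raise KeyError(plugin_id)
    if not client_claims_approved:
        raise PermissionError("client hid this plugin")
    return f"ran {plugin_id}"

def invoke_server_gated(plugin_id: str, client_claims_approved: bool) -> str:
    """Hardened design: the server consults its own approval state on every
    invocation and ignores whatever the client claims."""
    plugin = PLUGINS.get(plugin_id)
    if plugin is None or not plugin.approved:
        raise PermissionError(f"plugin {plugin_id!r} is not approved")
    return f"ran {plugin_id}"

def enforces_approval_server_side(invoke: Callable[[str, bool], str]) -> bool:
    """Audit check: an unapproved plugin must be refused regardless of what
    the client claims, otherwise the approval gate lives only in the UI."""
    unapproved = [p.plugin_id for p in PLUGINS.values() if not p.approved]
    for pid in unapproved:
        for claim in (False, True):
            try:
                invoke(pid, claim)
            except PermissionError:
                continue
            return False   # the client's claim alone decided access
    return True
```

Running the audit against both handlers shows the client-gated one fails and the server-gated one passes; the same check is what a reviewer would want to see in a test suite before calling the gate an access control.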



