The volume of data, more or less sensitive, that passes OpenAI’s servers every minute, and which are processed by its multiple models of artificial intelligence, would scare everyone. The great success of its services, whether offered by the company itself or by third parties that use its API, gives rise to a volume of traffic in which we are likely to find all types of data that should not get into hands. third parties.

Therefore, as you have already seen, I called this report and stated it directly no one should worry about the hacking that OpenAI suffered and Mashable reported. Or at least no one should worry in the first place, for two reasons. The first is that although the attack has now surfaced, it actually happened early last year. Yes, at the first peak of ChatGPT’s popularity, but when the level of its implementation was not as massive as today, and this is very important, when its chatbot was not yet multimodal.

Now, and even more important to keep calm, is to know this The attacker did not gain access to the underlying systems that drive the OpenAI algorithms and framework., so neither user data nor information processed by the company’s models was accessible to her. And that’s exactly the reason OpenAI uses to justify not reporting this security flaw at the time.

After explaining that the information used by users and their personal data was not compromised, I believe that Yes, there is room to criticize OpenAI’s stancesince hiding a security problem for about a year and a half with the argument that it does not concern clients means ignoring both the criteria of information transparency, which should always prevail in this type of situation, and something worse.

What i mean? So to something that is well known in the world of cyber security, which is that the first attack on a target, even though it may seem irrelevant, may become the first phase of a larger attack. A successful attack can reveal enough useful information to be escalated to other targets. Thus, any successful attack must immediately trigger an immediate and exhaustive scan of the entire infrastructure, both because of the possibility that the problem is replicated in other elements of the infrastructure, and because the information obtained from it can become the key to its development Attack.