by skybrian 1177 days ago
Seems like this is similar to cross-site scripting vulnerabilities in browsers. A chat session happens in a sandbox, but any text you give to the bot can be interpreted as instructions. Text is as bad as JavaScript, to the bot.

Normally, in a chat session you would actually read any text you paste into it before you hit submit. This is much like pasting in code from StackOverflow into your app. You read it before executing it, right?

When the system imports arbitrary text and automatically sends it to the bot without anyone reading it, it bypasses this review.

So you don't want to start automatically including text from arbitrary sites on the Internet for the same reason you don't want to include JavaScript from arbitrary sites on the Internet. It should stop there and let you review and edit the text before hitting submit.

On the other hand, when the sandbox doesn't contain anything you consider particularly private and hasn't been given any capabilities, it seems like it's fairly harmless?

More generally, I think people will need to supervise AI chatbots pretty closely in interactive chat sessions, like we do today. (Well, not on Bing.) Safe automation is far away because what they will do is random, often literally so. It can be great to interact with, but it's the opposite of what you want from a script or software component that you just run.
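The review gate described in the comment above, worked out as an added example (not code from the thread or any project it mentions). It treats imported text the way a browser treats script from another origin: tainted data that reaches the bot only after a human has approved that exact text, with one exception the comment itself allows, a sandbox that holds no private context and has been given no capabilities. All class and function names, the sample URL and the sample text are assumptions constructed for the example.

```python
"""Taint-style gating of imported text before it is sent to a chat model.

Hypothetical names throughout; the sample URL and text are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class Session:
    """The chat sandbox. `capabilities` are tools the bot may invoke (e.g. a
    hypothetical "send_email"); `private_context` is data the user would not
    want leaked. Either one means the sandbox has something to lose."""
    capabilities: Set[str] = field(default_factory=set)
    private_context: List[str] = field(default_factory=list)

    def has_anything_to_lose(self) -> bool:
        return bool(self.capabilities) or bool(self.private_context)


@dataclass
class Message:
    text: str
    origin: str             # "user" for text the user typed; otherwise the source URL
    reviewed: bool = False  # True only once a human approved this exact text


class UnreviewedContent(Exception):
    """Raised instead of auto-submitting: stop and let the user review/edit."""


def import_text(text: str, source_url: str) -> Message:
    """Wrap fetched text as tainted. Nothing fetched is ever marked reviewed here."""
    return Message(text=text, origin=source_url, reviewed=False)


def review(msg: Message, approved_text: str) -> Message:
    """A human approves (possibly edited) text. Approval binds to that exact text,
    so a later change to the content would need a fresh review."""
    return Message(text=approved_text, origin=msg.origin, reviewed=True)


def send_to_bot(session: Session, msgs: List[Message]) -> List[str]:
    """Return the texts that may be submitted to the bot.

    Policy:
      * text the user typed is trusted (they read it before hitting submit);
      * imported text a human reviewed is allowed;
      * unreviewed imported text passes automatically only when the sandbox has
        no capabilities and no private context, the low-risk case;
      * otherwise submission halts with UnreviewedContent.
    """
    outgoing: List[str] = []
    for m in msgs:
        if m.origin == "user" or m.reviewed:
            outgoing.append(m.text)
        elif not session.has_anything_to_lose():
            outgoing.append(m.text)
        else:
            raise UnreviewedContent(
                f"imported text from {m.origin} needs review before submit"
            )
    return outgoing


if __name__ == "__main__":
    # Constructed sample: a page fetched from an arbitrary site.
    fetched = import_text("arbitrary page text", "https://example.invalid/page")
    harmless = Session()
    print(send_to_bot(harmless, [fetched]))  # passes: nothing to lose
    risky = Session(capabilities={"send_email"})
    try:
        send_to_bot(risky, [fetched])
    except UnreviewedContent as e:
        print("halted:", e)
    print(send_to_bot(risky, [review(fetched, "arbitrary page text, trimmed")]))
```

The key design choice is that `reviewed` is a property of a specific `Message` instance, not of the source: a site that was fine yesterday can serve different text today, so approval never carries over to a re-fetch.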

1 comments

I was wondering the other day what the commercial impact of ChatGPT would be on StackOverflow, e.g. would SO's coding sites wither because ChatGPT can answer basic coding questions without the user having to go to SO and pay the infamous SO snark tax? Quite possibly.
Where do you think they trained ChatGPT from?