Equipped with various tools and knowledge, GPTs, a kind of customized AI agent built on OpenAI's large language models, have demonstrated great potential in many fields, such as writing, research, and programming. Today, the number of GPTs has reached three million, and the range of specific expert domains they cover is becoming increasingly diverse. However, because these LLM agent applications share a common framework, systemic security vulnerabilities may exist and remain underexplored. To fill this gap, we present an empirical study of the security vulnerabilities of GPTs. Building upon prior research on LLM security, we first adopt a platform-user perspective to conduct a comprehensive attack surface analysis across the different system components. Then, based on that attack surface analysis, we design a systematic and multidimensional attack suite with the explicit objectives of information leakage and tool misuse, thereby concretely demonstrating the security vulnerabilities faced by the various components of GPT-based systems. Finally, we propose corresponding defense mechanisms to address these vulnerabilities. By raising awareness of these vulnerabilities and offering critical insights into their implications, this study seeks to facilitate the secure and responsible application of GPTs while contributing to the development of robust defense mechanisms that protect users and systems against malicious attacks.