ChatGPT Edu Data Exposure: Oxford Researcher Reveals Project Metadata Visibility
A security lapse within OpenAI’s ChatGPT Edu platform has exposed project metadata of University of Oxford researchers, potentially revealing details about their work to colleagues, according to a report by Fast Company. The issue, identified by University of Oxford associate professor Luc Rocher, stems from the way Codex Cloud Environments within ChatGPT Edu share information about GitHub repositories connected to user accounts.
What Data Was Exposed?
Although no private code or repository data was compromised, metadata associated with public and private GitHub repositories linked to ChatGPT Edu accounts became visible. This metadata includes the names of projects and records of user interactions with ChatGPT, such as the frequency and timing of conversations. Rocher discovered he could ascertain that a student was using OpenAI’s tools to write an article for submission.
Concerns Over Data Visibility
Rocher raised the issue with both the University of Oxford and OpenAI, expressing concern over the breadth of data accessible to others within the institution. A separate University of Oxford researcher, speaking anonymously to Fast Company, acknowledged the exposure was internal but described the scope as “quite worrying.” The researcher noted that the limited response from the university’s data protection team was likely due to the internal nature of the data exposure.
ChatGPT Edu and Oxford University’s Response
The University of Oxford’s ChatGPT Edu workspace is an enterprise version of OpenAI’s AI model, designed for advanced reasoning, content creation, and analysis, as detailed on the University of Oxford’s AI Competency Centre website. Features and governance within the Oxford workspace may differ from consumer versions. The university and OpenAI were contacted for comment, but responses were deemed inadequate by Rocher, prompting him to share his findings publicly.
Data Protection and ChatGPT Edu
A key benefit of ChatGPT Edu, according to the University of Oxford’s AI Competency Centre, is enhanced data protection. Unlike the free and Plus versions of ChatGPT, data inputted into ChatGPT Edu is not automatically used to train OpenAI’s models, preserving user ownership of their inputs, and outputs. This is particularly important for sensitive research data and university information.
Broader Context: Open Source ChatGPT Resources
The incident highlights the growing interest in ChatGPT and related technologies, as evidenced by the extensive list of open-source GitHub repositories dedicated to ChatGPT, OpenAI API, and Codex, curated by taishi-i on GitHub. This curated list includes tools, demos, and resources for developers and researchers working with these technologies.
Key Takeaways
- Metadata about research projects using ChatGPT Edu at the University of Oxford was inadvertently exposed to colleagues.
- The exposure involved project names and interaction logs, but not private code.
- Researchers have raised concerns about the breadth of data visibility and the initial response from the University and OpenAI.
- ChatGPT Edu offers enhanced data protection compared to free and Plus versions, preventing automatic data usage for OpenAI model training.