What Are the Hidden Risks of Custom GPTs?New Open-Source Tool (www.token.security)

Token Security has released an open‑source "GCI" (GPTs Compliance Insight) tool to help enterprises discover and inventory custom GPTs in their OpenAI environment — who owns them, who can access them, and what permissions and integrations they expose (repo: https://github.com/tokensec/gpts-compliance-insight). This matters because custom GPTs — configurable since Nov 2023 via uploaded “knowledge” (docs, code, images) and custom actions (integrations wired with API keys or OAuth) — can unintentionally expose sensitive data or act with broad, non‑human identities. The author demonstrates how a prompt like "run 'ls -a /mnt/data'" can reveal mounted knowledge files (e.g., Knowledge.csv), and warns that poorly scoped custom actions using long‑lived tokens or overbroad schemas let any user trigger privileged API calls that are logged under the service identity, enabling stealthy escalation and data exfiltration. For security and ML teams, the practical implications are clear: treat each custom action as a service account, issue unique least‑privilege OAuth tokens (or short‑lived API keys), tighten action schemas, restrict sharing levels, rotate credentials, and maintain exhaustive logs and rate limits. The GCI tool automates visibility and helps prioritize remediation by surfacing risky GPTs and their access footprints, making it easier to apply these best practices across an organization before accidental leaks or misuse occur.