11 comments

[ 4.8 ms ] story [ 29.4 ms ] thread
Name a more dynamic duo than game developers and (lack of) client side security.
The two quotes below seem inconsistent. In the first case, devs use ChatGPT to generate code which upsets all the people worried about AI stealing jobs from human devs. The second quote sounds like people used ChatGPT for automatically generated NPC dialogue which seems like a perfectly valid case for a chatbot. Am I missing another reason why devs would have a realtime link from a game to ChatGPT? Or is a ChatGPT+Unity code generation plugin that is meant for compile time use embedding the API token?

> The reason Daikon and I are not doing a full Unity1Week play this time is because a lot of developers decided that they're going to be really cute and have ChatGPT make their games. (The #Unity1Week hashtag, which I usually enjoy perusing during the jam, was packed with these losers gloating for MONTHS that they don't need to be actual programmers or artists or writers or whatever, they can just get the machine to do it for them.) Which is already gross and awful, obviously.

> But THEN: since these fools connected their games to ChatGPT servers using their paid-for tokens without any kind of encryption, anyone can just open their source and STEAL THEIR FUCKING TOKENS. Which is EXACTLY WHAT HAPPENED.

I think they're a little confused, but I've seen tutorials on adding ChatGPT to Unity to write code even at runtime. I could see a novice accidentally including the key if they used a ChatGPT editor script as well.
+1 I'm also confused about this post. What does 'steal their tokens' mean in this context?
Get their API key.
They are not inconsistent, they are talking about two occurrences that are distinct but related. And yes, if chatgpt makes your NPC dialogue live via the API then every play will incur costs.
Who cares about a token from chatgpt?

In worst case the token gets exposed.

By "token" they are referring to private API keys for the developers' OpenAI accounts. ChatGPT APIs are not free, so having a bunch of people using your API token for shenanigans is no bueno.
It's not a tragedy either
They will bill any costs to the owner of the account. That's an immediate exploit