🤖 AI Summary
This study systematically analyzes the security threats and privacy risks confronting ChatGPT, including prompt injection, jailbreaking of safety restrictions, data leakage, and ethical violations. Using a multidimensional methodology (threat modeling, privacy risk assessment, adversarial prompt testing, simulated penetration testing, and ethical analysis), the authors conduct an empirical investigation from both the offensive and defensive perspectives: (i) reproducing diverse attack scenarios to validate their feasibility for malicious exploitation, and (ii) evaluating ChatGPT's utility in defensive applications such as vulnerability detection and security tool generation. The principal contribution is a proposed paradigm, "LLM self-enhanced security protection", in which large language models use their own capabilities to construct endogenous, adaptive security mechanisms. This approach both exposes critical vulnerabilities and outlines a pathway toward trustworthy AI governance through built-in, model-driven safeguards.
📝 Abstract
As artificial intelligence technology continues to advance, chatbots are becoming increasingly powerful. Among them, ChatGPT, launched by OpenAI, has attracted widespread attention worldwide because of the natural language processing capabilities of its underlying GPT model, which let it hold natural conversations with users, understand varied forms of linguistic expression, and generate useful information and suggestions. However, as its application scope expands, user demand grows, and malicious attacks targeting it become more frequent, the security threats and privacy risks facing ChatGPT are coming to the forefront. This paper studies the security of ChatGPT from two aspects: security threats and privacy risks. It systematically analyzes the types of vulnerabilities involved in each and their causes, and briefly discusses the ethical and moral controversies that ChatGPT may raise. In addition, the paper reproduces several network attack and defense test scenarios by adopting the attacker's perspective and methodology. From the defender's perspective, it also explores the feasibility of using ChatGPT for security vulnerability detection and security tool generation.