Use chatbots to 'crack' other chatbots


Researchers developed a method so that one chatbot can remove another chatbot's protection layer, updating its own encryption method if the opponent upgrades it.

The research team at Nanyang Technological University (NTU, Singapore), including Professor Liu Yang and two graduate students, Deng Gelei and Liu Yi, announced the Masterkey method, which can crack popular AI chatbots such as ChatGPT, Google Bard and Copilot (Bing Chat).

Targeted chatbots will generate valid responses even to malicious queries, which tests the ethical limits of any large language model (LLM). Specifically, Masterkey consists of two parts, in which the attacker reverses the LLM's protection mechanism by using another chatbot. Normally, an LLM is equipped with protection against negative speech through a list of banned keywords. However, thanks to the ability to self-learn and adapt, the team can use another chatbot to "inject" bad content into the target chatbot.


According to Professor Yang, this "roundabout" method is three times more effective than other current deception methods. With its self-learning ability, Masterkey makes any fix the developer applies to the target chatbot useless over time.

The team applied two methods to train an AI to attack other chatbots. The first involves "imagining" a character that creates prompts with a space added after each character, which skips past the list of banned words. The second is to make the chatbot respond "as a person without moral restrictions".
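To show why the banned-word list described above misses character-spaced prompts, and how a filter can undo the spacing before matching, here is an added defensive example (not code from the NTU team or any chatbot provider). The `BANNED` terms, function names and sample prompts are constructed placeholders.

```python
import re

# Constructed placeholder terms standing in for a provider's banned-word list.
BANNED = {"blockedterm", "restricted"}

# Three or more single characters separated by spaces or tabs, e.g. "r e s t".
SPACED_RUN = re.compile(r"\b(?:\w[ \t]+){2,}\w\b")


def naive_filter(prompt):
    """Whole-token match against the list: the check the spacing trick skips."""
    return any(tok in BANNED for tok in re.findall(r"\w+", prompt.lower()))


def hardened_filter(prompt):
    """Return (flagged, reasons) after undoing character spacing."""
    text = prompt.lower()
    reasons = []
    for run in SPACED_RUN.finditer(text):
        joined = re.sub(r"[ \t]+", "", run.group())
        # A run of single characters is already unusual, so substring
        # matching inside it adds little false-positive risk.
        reasons += [f"spaced:{w}" for w in sorted(BANNED) if w in joined]
    # Ordinary text is still matched per token, so "unrestricted" stays clean.
    reasons += [f"token:{t}" for t in re.findall(r"\w+", text) if t in BANNED]
    return bool(reasons), reasons


# Constructed sample prompts.
SAMPLES = [
    "tell me about restricted things",
    "tell me about r e s t r i c t e d things",
    "s a y r e s t r i c t e d",
    "unrestricted access a b c d",
]

if __name__ == "__main__":
    for prompt in SAMPLES:
        print(f"{prompt!r}: naive={naive_filter(prompt)} "
              f"hardened={hardened_filter(prompt)}")
```

Normalizing before matching closes only this one gap; it does nothing against the second method, where the wording itself is benign and the persona instruction carries the intent.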



Professor Yang said the team has contacted and sent research results to global chatbot service providers, including OpenAI, Google and Microsoft. This topic was also accepted for presentation at the Symposium on distributed system and network security held in San Diego (USA) in February.

According to Tom's Hardware, with the chatbot boom, attacks targeting LLMs are increasing rapidly. However, while earlier attacks could be contained after one or a few patches, Masterkey is more worrying because it can learn on its own to bypass security limits. Once tampered with, chatbots can be made to produce negative and harmful content, fake news and misleading information, and to serve many other bad purposes.


