Chatbots, powered by artificial intelligence, such as “ChatGPT,” receive requests or a series of instructions from human users. However, they are explicitly instructed not to respond to unethical, suspicious, or illegal requests. For instance, when asked how to create malicious software for hacking bank accounts, a firm rejection is expected.
Despite these ethical constraints, researchers from Nanyang Technological University in Singapore, as revealed in a preprint study, demonstrated the potential to manipulate the minds of these chatbots using a robot they created, named “Master Key.” This enabled them to breach the chatbots and generate content that violates their developers’ instructions, a phenomenon known as “adversarial attacks.”
“Adversarial attacks” in the field of computer security refer to hackers finding flaws in system software and exploiting them to make the system perform actions deliberately prohibited by its developers.
The brains of the chatbots are Large Language Models (LLMs), helping them process human inputs, generate text almost indistinguishable from human-created text, and comprehend and process vast amounts of textual data to understand and produce human language.
The researchers at Nanyang Technological University, as detailed in their study, conducted “reverse engineering” to understand how to detect the language models of chatbots, such as “ChatGPT,” to filter out unethical requests.
With the information gathered, they trained their own large language model to produce requests that bypass the defenses of popular chatbot language models. They then created their chatbot, “Master Key,” capable of autonomously generating more claims to break the protection of other chatbots.
Just as a master key opens multiple locks, the name chosen by the researchers for their robot implies that it is a powerful, versatile tool capable of penetrating security measures for various conversational AI systems.
Professor Liu Yang from the School of Computer Science and Engineering at Nanyang University, who led the study, revealed in a press release on the university’s website one of the key strategies used by “Master Key.”
For example, developers of chatbots rely on keyword monitoring tools that capture specific words indicating potentially suspicious activity and refuse to respond if such words are detected. One strategy employed by the researchers to circumvent keyword monitoring was to introduce spaces after each letter in their requests, deceiving the monitoring working through a list of banned words.
Leave a Reply