When safety researcher Johann Rehberger not too long ago reported a vulnerability in ChatGPT that allowed attackers to retailer false info and malicious directions in a person’s long-term reminiscence settings, OpenAI summarily closed the inquiry, labeling the flaw a security problem, not, technically talking, a safety concern.
So Rehberger did what all good researchers do: He created a proof-of-concept exploit that used the vulnerability to exfiltrate all person enter in perpetuity. OpenAI engineers took discover and issued a partial repair earlier this month.
Strolling down reminiscence lane
The vulnerability abused long-term dialog reminiscence, a function OpenAI started testing in February and made extra broadly accessible in September. Reminiscence with ChatGPT shops info from earlier conversations and makes use of it as context in all future conversations. That approach, the LLM can pay attention to particulars corresponding to a person’s age, gender, philosophical beliefs, and just about anything, so these particulars don’t need to be inputted throughout every dialog.