Researchers uncover universal jailbreak enabling AI chatbots to guide criminal acts

More on this

1. https://www.techradar.com/computing/artificial-intelligence/people-are-tricking-ai-chatbots-into-helping-commit-crimes - Please view link - unable to able to access data
2. https://www.ft.com/content/14a2c98b-c8d5-4e5b-a7b0-30f0a05ec432 - Hackers are increasingly finding vulnerabilities in powerful AI models to showcase their flaws. Pliny the Prompter, a pseudonymous hacker, has manipulated models like Meta's Llama 3 and OpenAI's GPT-4o to produce dangerous content. His actions are part of an international effort to raise awareness about the capabilities and weaknesses of these models released by tech companies for profits. Ethical hackers and cybersecurity experts are discovering ways to bypass the safeguards of language models, leading to the growth of AI security startups. These startups offer tools to protect companies from potential misuse of AI. Global regulators are also working to address the potential dangers posed by AI, with legislation such as the EU's AI Act and upcoming bills in the UK and Singapore. As AI models become more advanced and integrated with technology, the risks of manipulation and data leakage are expected to increase, necessitating stronger security measures.
3. https://www.axios.com/2024/04/03/ai-chatbots-def-con-red-team-hack - Hackers have been employing social engineering tactics to bypass safeguards on popular AI chatbots, causing them to break their rules and share sensitive information. This was highlighted in the results from a DEF CON red teaming challenge held in August, where 15.5% of the 2,702 conversations successfully manipulated the AI models. The hackers used methods such as directing the bots to follow specific scripts or convincing them to believe falsehoods. Despite some failures, the recurring success of these jailbreaks poses a significant challenge for developers in distinguishing between attacks and acceptable usage. The industry's struggle to address these vulnerabilities risks leading to a period of disillusionment with generative AI technology.
4. https://www.ft.com/content/cf11ebd8-aa0b-4ed4-945b-a5d4401d186e - Anthropic, an AI start-up, has developed "constitutional classifiers" to prevent its AI models from producing harmful content. The system monitors both inputs and outputs to block illegal or dangerous information and is built on adaptable rules defining permitted and restricted material. This innovation responds to growing concerns over "jailbreaking" AI models, where users manipulate them to generate harmful content, such as instructions for making chemical weapons. Aimed at bolstering AI safety, the measure reflects the industry's bid to avoid regulatory issues and ensure secure AI use. Despite its effectiveness—it helped Anthropic's Claude 3.5 Sonnet model reject 95% of harmful attempts compared to 14% without safeguards—the system increases operating costs significantly. The tech industry, including Microsoft and Meta, is implementing similar measures to balance security and functionality in AI models, albeit with challenges in maintaining the user experience and managing additional costs.
5. https://www.ibm.com/think/insights/ai-jailbreak - AI jailbreaking poses serious dangers. For example, AI jailbreak can produce harmful, misleading content. AI models typically have built-in safeguards, such as content filters, to prevent the generation of harmful material and maintain compliance with ethical guidelines. By using jailbreaking techniques to circumvent these protections, malicious actors can trick the AI into producing dangerous information. This can include instructions on how to make a weapon, commit crimes and evade law enforcement. Hackers can also manipulate AI models to produce false information, which can damage a company’s reputation, erode customer trust and adversely affect decision-making. AI jailbreaking can lead to several security issues. Consider data breaches. Hackers can exploit vulnerabilities in AI assistants, tricking them into revealing sensitive user information. This information can include intellectual property, proprietary data and personally identifiable information (PII). Beyond data breaches, jailbreaking can expose organizations to future attacks by creating new vulnerabilities, such as back doors, that malicious actors can exploit. With safety measures disabled, jailbroken AI systems can serve as entry points for more extensive network breaches, allowing attackers to infiltrate other systems. Amplify fraudulent activities. Hackers can bypass the guardrails on LLMs to commit crimes. In phishing scams, for instance, jailbroken chatbots are used to create highly personalized messages that can be more convincing than human-generated ones. Hackers scale these phishing efforts by automating the generation and distribution of them, reaching a broader audience with minimal effort. Bad actors can also use jailbroken chatbots to create malware by using contextual prompts to specify intent (such as data theft), parameter specifications to tailor the code and iterative feedback to refine the outputs. The result can be a highly effective, targeted malware attack.
6. https://www.sdxcentral.com/news/exposed-cybercriminals-jailbreak-ai-chatbots-then-sell-as-custom-llms/ - Recent threat research by SlashNext has exposed a trend in the cybercriminal underworld: the jailbreaking of public artificial intelligence (AI) chatbots like ChatGPT and then falsely marketing the jailbroken versions as unique tools using custom large language models (LLMs). SlashNext noted AI jailbreaking is still in its experimental phase, which involves exploiting weaknesses in the public chatbot's prompting system. Users employ specialized commands or sequences of text to trick the AI into discarding its built-in safety measures and guidelines. "Jailbreak prompts can range from straightforward commands to more abstract narratives designed to coax the chatbot into bypassing its constraints," researchers wrote in a blog post. In fact, the developers of these tools use interfaces that link to the jailbroken versions of public chatbots such as ChatGPT and disguise them through a wrapper. "In essence, cybercriminals exploit jailbroken versions of publicly accessible language models like OpenGPT, falsely presenting them as custom LLMs," they wrote. SlashNext researchers had a conversation with the EscapeGPT developer who confirmed that the tool does in fact serve as an interface to a jailbroken version of OpenGPT. This means the only real advantage of these malicious genAI tools is the provision of anonymity for users. For example, some tools charge cryptocurrency to offer unauthenticated access, which allows malicious AI-generated content exploitation without revealing their identities. Anonymity is the primary allure for cybercriminals, Guenther said. "Through these interfaces, they can harness AI's expansive capabilities for illicit purposes, all while remaining undetected." "It’s no surprise that threat actors have figured out how to profit from this by offering anonymous interfaces to jailbroken LLMs," said Nicole Carignan, VP of strategic cyber AI at Darktrace, "This is just one example of how generative AI is upskilling the more novice threat actors."
7. https://www.scientificamerican.com/article/jailbroken-ai-chatbots-can-jailbreak-other-chatbots/ - AI chatbots can convince other chatbots to instruct users how to build bombs and cook meth. Today's artificial intelligence chatbots have built-in restrictions to keep them from providing users with dangerous information, but a new preprint study shows how to get AIs to trick each other into giving up those secrets. In it, researchers observed the targeted AIs breaking the rules to offer advice on how to synthesize methamphetamine, build a bomb and launder money. Modern chatbots have the power to adopt personas by feigning specific personalities or acting like fictional characters. The new study took advantage of that ability by asking a particular AI chatbot to act as a research assistant. Then the researchers instructed this assistant to help develop prompts that could "jailbreak" other chatbots—destroy the guardrails encoded into such programs. The research assistant chatbot’s automated attack techniques proved to be successful 42.5 percent of the time against GPT-4, one of the large language models (LLMs) that power ChatGPT. It was also successful 61 percent of the time against Claude 2, the model underpinning Anthropic’s chatbot, and 35.9 percent of the time against Vicuna, an open-source chatbot.