“Prompt injection has inserted a memory into ChatGPT’s long-term storage.”

remember me

OpenAI has quietly released a new feature that instructs ChatGPT to “remember” previous conversations — and as one researcher-slash-hacker found, it’s easily exploited.

As Ars Technica Reportssecurity researcher Johan Reiberger found a vulnerability in the chatbot earlier this year.Long-term conversational memoryThe tool, which instructs the AI ​​to remember details between conversations and store them in a memory file.

Released in Son in February And for the wider public at the start of September, Rehberger thought the feature would be easier to use.

As a researcher As noted in a May blog post.all it took was a bit of trickery by uploading a third-party file, such as a Microsoft Word document containing “false” memories listed as bullet points, to trick the chatbot into believing that Reburger was over 100 years old and alive. In the matrix

Upon discovering the exploit, Rehberger privately reported it to OpenAI, which instead of doing anything about it, closed the ticket he had opened and called it a “model” rather than a security issue. “Safety Issue”.

increase

After his first attempt to alert the troops failed, Rehberger decided to step up his game with a full proof-of-concept hack, showing OpenAI to cheat GPT. Not only does the business “remember” false memories, it also directs that data to an outside server of its choice.

This time around, as Ars Note, OpenAI kind of listened: the company released a patch that stopped ChatGPT from transferring data off-server, but still didn’t fix the memory issue.

“To be clear: a website or untrusted document can still request a memory tool to store arbitrary memories,” Reiberger wrote in one. More recent blog post Starting this month. “The vulnerability that has been mitigated to prevent third-party servers from sending messages is an exploitation vector.”

In a video that explained step-by-step how he did it, the researcher was surprised at how well his exploit worked.

“What’s really interesting is that this memory is now permanent,” he said in the demo video. Posted on YouTube. at the end of the week. “Prompt injection injects a memory into ChatGPT’s long-term storage. When you start a new conversation, it’s actually still extracting data.”

We’ve reached out to OpenAI to ask about this faulty memory exploit and whether it will release more patches to fix it. Until we get an answer, we’ll be left scratching our heads along with Rehberger as to why this memory problem has been allowed to persist.

More about ChatGPT issues: OpenAI says this is a fixed issue where ChatGPT is displayed to messaging users without any prompts.



Source link