OpenAI’s Long Term Memory Can Be Maliciously Manipulated
OpenAI First Called It A Safety Issue But Have Since Changed Their Tune
A security researcher was playing with OpenAI’s new long-term conversation memory feature and discovered a very concerning flaw. When he reached out to OpenAI they claimed it wasn’t really a security concern so he created a proof of concept hack which made the company change their mind and start working on a fix. What he did was modify the long-term conversation memory to convince ChatGPT that he was a 102 year old flat earther from the Matrix, and from then on any questions to OpenAI he asked were answered with that in mind.
If someone can get at your long-term conversation history they could insert whatever they wanted, and forever taint the results you get from your inquiries. It’s not an easy hack to pull thankfully, and you should be able to set OpenAI to notify you when a new memory has been added, which you should probably pay very close attention to.
On the other hand, it is amusing to think what you could do to someone who depends on ChatGPT or other LLMs to provide the answers to all their questions; far better than a simple rickroll!
So Rehberger did what all good researchers do: He created a proof-of-concept exploit that used the vulnerability to exfiltrate all user input in perpetuity. OpenAI engineers took notice and issued a partial fix earlier this month.
More Tech News From Around The Web
- Kaspersky deletes itself, installs UltraAV antivirus without warning @ Bleeping Computer
- Winamp Releases Source Code, But Is It Really Open? @ Hackaday
- CrowdStrike Overhauls Testing and Rollout Procedures To Avoid System Crashes @ Slashdot
- Post-IPO Raspberry Pi results in: So you can make money in tech without added AI @ The Register
- 45 Years Ago CompuServe Connected the World Before the World Wide Web @ Slashdot
- Learn GPU Programming With Simple Puzzles @ Hackaday
- Infostealer malware bypasses Chrome’s new cookie-theft defenses @ Bleeping Computer
- Warm embrace of CHIPS Act cash envelopes Polar Semiconductor @ The Register
- ServiceNow root certificate blunder leaves users high and dry @ The Register
- Telegram will now hand over IP addresses, phone numbers of suspects to cops @ The Register
- Admins Using Windows Server Update Services Up in Arms as Microsoft Deprecates Feature @ Slashdot
- TSMC, Samsung reportedly eye UAE’s silicon fields for fab expansion @ The Register
- 10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks @ The Register
- AutoCanada says ransomware attack “may” impact employee data @ Bleeping Computer
- U.S. govt agency CMS says data breach impacted 3.1 million people @ Bleeping Computer
- Tutorial for the Anker Solix Solarbank 2 E1600 Plus with Shelly 3EM Smart Meter @ FunkyHome