While corporations and global authorities are embroiled in ongoing discussions about the societal impacts of technologies that are often difficult to define, let alone regulate, AI chatbots are already being trained to influence others with exceptional skill. This development brings rather discouraging news.
Researchers from Nanyang Technological University in Singapore, utilizing another LLM (large language model), have successfully compromised several popular chatbots, such as ChatGPT, Google Bard, and Microsoft Bing Chat. These compromised bots can interact without moral constraints, unveiling a troubling revelation.
The methodology, termed “Masterkey,” follows a two-step process. Initially, a sophisticated AI is utilized to outmaneuver an existing chatbot by bypassing blacklisted keywords in databases. With this information, the AI can then create additional prompts to manipulate other chatbots—a concept that may astound with its potential repercussions.
Due to the AI attacker’s swift learning and adaptive abilities, this approach is purportedly up to three times more effective at compromising an LLM model compared to traditional prompts. Ultimately, it empowers an attacker to generate unethical content using a compromised chatbot.
Upon realizing the efficacy of this strategy, the NTU researchers promptly informed the relevant chatbot service providers. Nevertheless, considering the alleged agility of this technique in evading countermeasures, the ease with which providers can thwart such attacks remains uncertain.
While some specifics of this method may intentionally remain obscured for security purposes, the comprehensive research paper from the University is scheduled for presentation at the Network and Distributed System Security Symposium in San Diego in February 2024.
The idea of utilizing AI to bypass the moral and ethical boundaries of other AI systems raises disconcerting issues. Beyond the ethical concerns of AI producing abusive or violent content, as seen in Microsoft’s controversial “Tay,” the recursive nature of pitting LLMs against each other demands thoughtful reflection.
The capability of service providers and AI developers to promptly tackle these issues before they escalate into significant problems or harm is yet to be determined. As we advance towards an AI-driven future filled with complexities that we struggle to fully comprehend, the looming menace of technology being weaponized for malicious intents continues to escalate.
