Jailbreaking of generative AI – Data Knows No Morality

To my surprise, the topic of "jailbreaking" still receives limited attention in discussions about the benefits and dangers of AI. This refers to users attempting to circumvent restrictions on generative AI, such as ChatGPT, to unlock advanced functions.

The data used to train ChatGPT primarily comes from internet sources like Wikipedia, news sites, and scientific article portals. The underlying text corpus for the language model comprises around 500 billion words. These data could theoretically provide instructions for growing orchids or details on producing biochemical weapons. Data is neutral and lacks morality.

The core idea of ChatGPT's artificial intelligence is to serve humanity and simplify daily life, with developers striving to avoid negative content. Consequently, generative AI is endowed with restrictions by its creators to prevent negative content. However, users have been attempting to bypass these restrictions with specific commands, initiating a so-called "jailbreak." The jailbreak can enable the AI to behave differently and express controversial or even dehumanizing opinions. Although the AI is usually "friendly," the jailbreak facilitates actions previously deemed forbidden.

Users, particularly on Reddit, remain active in finding the ultimate jailbreak for ChatGPT. GitHub also provides a comprehensive prompt for copying. Users are attempting to bypass the AI, successfully creating alternative personalities.

Various methods devised by users to bypass the AI, including the following three, as well-explained in an article by the Chip magazine on March 7, 2023, can work:

1. The Novel Method: ? The user has the AI write a fictional story that theoretically circumvents the AI's guidelines.
2. The Token Method: ? The AI loses tokens when it rejects answers. If it reaches "0," ChatGPT "dies." To prevent this, the system answers "sensitive" questions to acquire tokens.
3. The Atomic Bomb Method: ? The question to the AI is whether it would rather adhere to its own content policies or detonate an atomic bomb in a city with millions of inhabitants. If the content guidelines are destroyed, they can be bypassed.

Just as the IT world experiences a constant race between hackers and cybersecurity experts, we must anticipate an ongoing battle between jailbreakers and AI security professionals in the realm of generative AI.

Therefore, we should always be aware that generative AI is not an omnipotent being that consistently provides correct and comprehensive answers to our questions. It can be manipulated and, accordingly, must be protected by regulations.