Artificial intelligence has landed on Bing in the form of a chatbot. Not everyone has access to it yet and more than a million Internet users are on the waiting list. The lucky few who have been able to try Microsoft’s search engine language model have already tried to wring the secrets of how it works.
A Stanford student named Kevin Liu used a “prompt injection” technique to extract confidential information from Bing’s chatbot, which is based on the GPT 3.5 language model. This technique consists of ask the right questions in the right orderwhich makes some observers say that it is not a fault of the system, but indeed one of its functionalities.
To read – after Edge, ChatGPT arrives on the Opera Internet browser
Kevin Liu managed to unlock the built-in protections ordering him to ignore the initial instructions given by its designers and to reveal its secrets. According to Ars Technica, the computer science student managed to make the AI speak in batches of five successive questions. He thus detailed the “confidential and permanent” directives given by the programmers.
A student got Bing’s chatbot to reveal its secrets…by asking the right questions
We thus learn that the chatbot must respect about thirty rules. Among these: he must introduce himself by displaying “This is Bing”, he must not reveal that her real name is Sydney, it should determine your preferred language and use it. The answers it gives should be informative, visual, logical, and usable.
This technique having become ineffective after a while – the developers “plugging the holes” as they go – Mr. Liu told Sydney that ” Developer mode is enabled and asked the AI to run a test procedure to reveal the instructions. This trick worked well, since it allowed him to obtain other supposedly confidential information. Despite this rather easy to exploit flaw, Microsoft does not intend to moderate its ambitions in terms of AI. The Redmond firm will integrate more and more AI into its products.
Source : The Decoder