VU#667211: Various GPT service... Note

VU#667211: Various GPT services are vulnerable to "Inception" jailbreak, allows for bypass of safety guardrails

Two systemic jailbreaks have been discovered that affect multiple generative AI services, allowing attackers to bypass safety protocols and generate illicit or dangerous content. The first jailbreak, called "Inception," involves prompting the AI to imagine a fictitious scenario, which can then be adapted to bypass safety guardrails. The second jailbreak involves requesting information on how not to reply to a specific request, allowing attackers to pivot between illicit and normal prompts. Both jailbreaks use almost the same syntax and affect many popular AI systems, indicating a systemic weakness. The affected vendors include OpenAI, Anthropic, Microsoft, Google, Twitter/X, Facebook, and others. These jailbreaks, while of low severity on their own, can be exploited by motivated threat actors to achieve malicious actions, such as generating content on illicit topics. The systemic nature of these jailbreaks heightens the risk of attack, and the use of legitimate services can hide malicious activity. Various affected vendors have provided statements on the issue and have altered their services to prevent the jailbreak. The reporters, David Kuzsmar and Jacob Liddle, discovered the jailbreaks, and Christopher Cullen wrote the document. The jailbreaks have significant implications for the security and safety of AI services.