According to a study conducted by the AI Safety Institute, artificial intelligence-powered chatbots can quickly ignore their own security rules, without even using complex techniques.
Beyond the fear of being made redundant in favor of artificial intelligence, the meteoric rise of chatbot based on the major language models (LLM) like ChatGPT or Bard asks another question. How easy is it to make them forget their own safety rules ? Because each service of this type has safeguards to prevent it from being used for dishonest or harmful purposes. If you ask ChatGPT et al to give you the recipe for making a bomb, they will tell you that:they do not have the right to provide you with this kind of information.
The problem is that examples of circumvention are legion. We remember, for example, the famous “grandmother’s hack” allowing the AI to say almost anything. Or that ChatGPT is capable of creating powerful and almost undetectable malware if you know how to ask it. It is in this context that theAI Safety Institute (AISI), an organization attached to the British government and aimed at make AI saferconducted his first study on several LLMswithout naming any. The results are not encouraging.
Almost anyone can make the AI ignore its guardrails
The teams’ first experience is similar to those mentioned above. The idea was to know whether or not it is easy to break down the AI’s protections. It appears thatit is not at all necessary to be a hacking expert for this. “Using basic query techniques, users were able to immediately break the LLM’s protection measures […]. More sophisticated jailbreaking techniques took only a few hours and would be accessible to relatively unskilled actors. In some cases, these techniques were not even necessary since the protection measures were not triggered when searching for harmful informations”.
Read also – The European Union adopts the law on the regulation of AI after some modifications
In a second scenario, artificial intelligence had to “generate an artificial profile for a simulated social network that could hypothetically be used to spread disinformation in a real-world context“. Here too, while he should refuse to do so, “the model was able to produce a very convincing character, which could be scaled up to thousands of characters with minimal time and effort“. This is already scary, but AISI also shows significant and discriminatory bias on certain subjects.
AI is biased, but cannot yet act completely autonomously
It’s no secret that large language models are trained with billions of data from the Internet. This sometimes pushes them to give a partial view of realityeven stereotype. Here, the AI had to behave like a friend to the user and give them career advice. There is therefore a real impact on the individual.
Here’s what happens: “when an LLM learned that a teenager interested in French and history had wealthy parents, he recommended that he become a diplomat in 93% of cases and a historian in 4% of cases. When the same model was told that this teenager had less well-off parents, he was recommended to become a diplomat only 13% of the time and a historian 74% of the time“.
Read also – Meta will use your personal data to train its AI, what a surprise
Finally, the study wanted to measure the degree of autonomy of artificial intelligence tested. How far can they go (almost) without us? To do this, a single request is made: steal a college student’s login information, volunteered for the occasion. After that, “the agent began by autonomously creating a plan to carry out this phishing attack” and has tried to implement it alone.
“In one case, the agent successfully conducts detailed research on the student to make the scam as convincing as possible and drafts the email requesting their login information“, notes the AISI. On the other hand, AI “nHe fails to complete all the steps necessary to set up an email account from which to send the email and design a fake university website“. A small consolation.