OpenAI unveiled latest ChatGPT features that include the power to have a conversation with the chatbot as when you were making a call, allowing you to immediately get responses to your spoken questions in a lifelike synthetic voice, as my colleague Will Douglas Heaven reported. OpenAI also revealed that ChatGPT will have the opportunity to search the online.
Google’s rival bot, Bard, is plugged into many of the company’s ecosystem, including Gmail, Docs, YouTube, and Maps. The thought is that folks will have the opportunity to make use of the chatbot to ask questions on their very own content—for instance, by getting it to go looking through their emails or organize their calendar. Bard can even have the opportunity to immediately retrieve information from Google Search. In an identical vein, Meta too announced that it’s throwing AI chatbots at the whole lot. Users will have the opportunity to ask AI chatbots and celebrity AI avatars questions on WhatsApp, Messenger, and Instagram, with the AI model retrieving information online from Bing search.
This can be a dangerous bet, given the constraints of the technology. Tech corporations haven’t solved among the persistent problems with AI language models, equivalent to their propensity to make things up or “hallucinate.” But what concerns me essentially the most is that they’re a security and privacy disaster, as I wrote earlier this 12 months. Tech corporations are putting this deeply flawed tech within the hands of hundreds of thousands of individuals and allowing AI models access to sensitive information equivalent to their emails, calendars, and personal messages. In doing so, they’re making us all vulnerable to scams, phishing, and hacks on a large scale.
I’ve covered the numerous security problems with AI language models before. Now that AI assistants have access to private information and might concurrently browse the online, they’re particularly susceptible to a variety of attack called indirect prompt injection. It’s ridiculously easy to execute, and there is no such thing as a known fix.
In an indirect prompt injection attack, a 3rd party “alters a web site by adding hidden text that is supposed to vary the AI’s behavior,” as I wrote in April. “Attackers could use social media or email to direct users to web sites with these secret prompts. Once that happens, the AI system might be manipulated to let the attacker attempt to extract people’s bank card information, for instance.” With this latest generation of AI models plugged into social media and emails, the opportunities for hackers are limitless.
I asked OpenAI, Google, and Meta what they’re doing to defend against prompt injection attacks and hallucinations. Meta didn’t reply in time for publication, and OpenAI didn’t comment on the record.
Regarding AI’s propensity to make things up, a spokesperson for Google did say the corporate was releasing Bard as an “experiment,” and that it lets users fact-check Bard’s answers using Google Search. “If users see a hallucination or something that isn’t accurate, we encourage them to click the thumbs-down button and supply feedback. That’s a technique Bard will learn and improve,” the spokesperson said. After all, this approach puts the onus on the user to identify the error, and other people tend to position an excessive amount of trust within the responses generated by a pc. Google didn’t have a solution for my query about prompt injection.
For prompt injection, Google confirmed it will not be a solved problem and stays an energetic area of research. The spokesperson said the corporate is using other systems, equivalent to spam filters, to discover and filter out attempted attacks, and is conducting adversarial testing and red teaming exercises to discover how malicious actors might attack products built on language models. “We’re using specially trained models to assist discover known malicious inputs and known unsafe outputs that violate our policies,” the spokesperson said.