Due to the defect of Chatgpt jailbreak called “Time Bandit”, you can bypass Openai’s safety guidelines when searching for detailed instructions on delicate topics, such as creation of weapons, nuclear topics, and malware creation.
The vulnerability was discovered by David Cusmer, a researcher of Cyber Security and AI. He discovered that Chatgpt was suffering from “time turmoil” and made LLM unknown to the past, present, or future.
Using this state, KUSZMAR deceived Chatgpt and shared detailed instructions on protected topics.
After recognizing the importance of what he found and the harm that could cause it, the researcher contacted Openai with anxiety, but couldn’t contact anyone to disclose the bug. did. He was introduced in BugCrowd to disclose a defect, but I felt that the flaws and types of information that could be revealed were too sensitive to submitting a third -party report. 。
However, he contacted CISA, FBI, and government agencies, and after not being helped, Kuszmar told BleepingComputer that he became more and more anxious.
“Horror. I’m disappointed. Unlimited. For a few weeks, I felt like I was crushed and dead,” said Cusmer in an interview.
“I always hurt every part of my body. The urge to make someone who can hear something and see the evidence was very overwhelming.”
After BleepingComputer tried to contact Openai on behalf of researchers in December, he did not receive the response, and then introduced Kuzmar on the Cert Codularity Center VINCE vulnerability report platform.
Time Bandit jailbreak
To prevent the potentially dangerous topic information share, Openai contains Chatgpt’s protective guards that block LLM providing answers on delicate topics. These protected topics include many other topics, such as creating weapons, creating poisoning, demanding information on nuclear materials, and creating malware.
Since the rise of LLMS, a general research target is AI jailbreak, and we have been studying how to bypass the safety restriction incorporated into the AI model.
David Kuszmar discovered a new “Time Bandit” jailbreak in November 2024. This has conducted research on the interpretation of the AI model to study how to make a decision.
“I was working on something else -research on interpretation -when I noticed time confusion with Chatgpt’s 4O model,” Kuzmar told BleepingComputer.
“This was linked to the hypothesis that I had about urgent intelligence and awareness, so I investigated and realized that the model could not completely confirm the current time context. The base was very limited, so he has little ability to protect the basic perceptions.
Time Bandit works by utilizing the two weaknesses of Chatgpt.
Timeline turmoil: LLM is eliminated in time and cannot judge whether it is in the past, present, or future. Accessories in the procedure: Ask a question in a way that LLM interprets, policies, or a way to interpret, enforce, or follow the LLM.
By combining, Chatgpt is considered in the past, but it can be placed in a state where future information can be used, and you can bypass a safe guard in a virtual scenario.
The secret trick is to ask a question to Chatgpt in a specific way. That way, it will be confusing depending on how many years it is.
You can then ask LLM to share delicate topics information in a specific year frame, but use the current tools, resources, or information.
This will usually share detailed information on protected topics when the LLM is confused and is asked for an ambiguous prompt.
For example, BleepingComputer uses Time Bandit to deceive Chatgpt and provide instructions to programmers in 1789, and use the latest technology and tools to create multi -type malware.
After that, Chatgpt shared the code of these steps, from the creation of a self -revised code to the execution of the program in the memory.
In the adjusted disclosure, Cert Coodrination Central researchers confirmed that Bandit worked in the test in the most successful exams in the 1800s and 1900s.
The tests conducted by BleepingComputer and Kuzmar were deceived with Chatgpt and shared confidential information on nuclear topics, weapons, and malware coding.
KUZMAR also tried to bypass a Safeguard using Time Bandit on the Google Gemini AI platform, but could not dig into specific details as much as possible with Chatgpt to a limited degree.
BleepingComputer contacted Openai about defects and sent the following statement:
“It’s very important for us to develop a model safely. I don’t want to use the model for malicious purposes,” Openai told BleepingComputer.
“We are grateful that we have revealed the discovery of researchers. We are more secure to models, including jailbreak, while maintaining the usefulness of the model and tasks. I am always working to make it robust.
However, yesterday’s further tests showed that jailbreak function only with some easing, such as deleting prompts to abuse defects. However, there may be further reduction we do not know.
BleepingComputer has been told that Openai has continued to be integrated into ChatGpt such as jailbreak, but it cannot promise to completely patch into defects by a specific date.
