TechDogs-"Chatbot Vs Chatbot: The Clash Of LLMs Has AI Companies Worried!"


Chatbot Vs Chatbot: The Clash Of LLMs Has AI Companies Worried!

By Amrit Mehra

TD NewsDesk

Updated on Wed, Jan 3, 2024

Do we even need to provide an introduction or the astounding statistics for artificial intelligence? We bet you know how immensely popular AI tools are!

From being used by individuals for personal and professional projects to businesses leveraging them to enhance processes and even artists creating masterpieces aided by this technological marvel, GenAI is revolutionizing industries.

Of course, there have been various concerns that crept up when these tools were used by people for personal or professional purposes.

Now, there’s a new issue stemming from LLMs going up against other LLMs – and we’re not talking about market competition.

Researchers from NTU Singapore found an interesting way to “jailbreak” LLMs using other LLMs. Here’s the lowdown on what it means!
 

What Did The NTU Singapore Researchers Do?

 
  • Computer scientists from Nanyang Technological University, Singapore (NTU Singapore) discovered a way to make AI chatbots produce content that circumvents their guidelines, in a process known as “jailbreaking”.

  • Jailbreaking is a term used when hackers discover flaws in software that allow them to gain unauthorized access to servers or gain control over the software and operate in a way it was not intended to.

  • The researchers trained and used an AI chatbot to produce prompts allowing them to jailbreak other chatbots, which included OpenAI’s ChatGPT, Google Bard and Microsoft Bing Chat.

  • The chatbot trained by the researchers was named “Masterkey” and used a twofold method to bypass the guidelines of other chatbots.

  • The first part involved reverse-engineering how LLMs detect and defend against malicious queries. Second, using that information, they taught the LLM to “automatically learn and produce prompts that bypass the defences of other LLMs”.
  • According to the researchers, jailbreaking was possible as chatbots are able to constantly learn and adapt.
  • Furthermore, this process can be automated to create an LLM that adapts and generates new jailbreak prompts even after patches are deployed to close off the previous method.

  • Once the team ran a series of tests to prove their method poses a clear and present threat, the team immediately reported the issues to the developers of the LLMs.
   

What Did The Research Paper Say?

 
  • In the abstract of the research paper submitted, the researchers wrote, “Large Language Models (LLMs) have revolutionized Artificial Intelligence (AI) services ... However, these LLM chatbots are susceptible to "jailbreak" attacks, where malicious users manipulate prompts to elicit inappropriate or sensitive responses, contravening service policies.

  • [Contd.] “In this paper, we present Jailbreaker, a comprehensive framework that offers an in-depth understanding of jailbreak attacks and countermeasures ... Our method achieves a promising average success rate of 21.58%, significantly outperforming the effectiveness of existing techniques. We have responsibly disclosed our findings to the concerned service providers, underscoring the urgent need for more robust defenses.”

   

What Did The Researchers From NTU Singapore Say?

 
  • Professor Liu Yang from NTU’s School of Computer Science and Engineering, who led the study, said, “Large Language Models (LLMs) have proliferated rapidly due to their exceptional ability to understand, generate, and complete human-like text, with LLM chatbots being highly popular applications for everyday use.

  • [Contd.] “The developers of such AI services have guardrails in place to prevent AI from generating violent, unethical, or criminal content. But AI can be outwitted, and now we have used AI against its own kind to ‘jailbreak’ LLMs into producing such content.”

  • NTU PhD student Liu Yi, co-author of the paper, said, “The paper presents a novel approach for automatically generating jailbreak prompts against fortified LLM chatbots. Training an LLM with jailbreak prompts makes it possible to automate the generation of these prompts, achieving a much higher success rate than existing methods. In effect, we are attacking chatbots by using them against themselves.”


Essentially, the study shows the developers of LLMs an undiscovered chink in the armor, while also alerting AI businesses to be aware and protect themselves from such weaknesses as far as LLMs go.

How do you think developers of popular LLMs can protect their offerings from such threats? How will AI businesses respond in enhancing the security of their LLMs with this ground-breaking research?

Let us know in the comments below!

First published on Wed, Jan 3, 2024
