Currently, OpenAI’s ChatGPT is one of the most popular AI chatbots out there. OpenAI keeps on adding new features to ChatGPT to make it more efficient. Now, one more such addition has made it to the headlines. Recently, OpenAI added a “remember” feature to ChatGPT. With this new feature, ChatGPT can remember details from the conversation and store them in a memory file. So what’s the issue you ask? Apparently, this feature can be easily misused.
The feature was first rolled out under the beta in February and has now made it to the masses. Johann Rehberger, a security researcher, has found certain vulnerabilities with these new features. He says that the issue lies in the chatbot’s “long-term conversation memory” feature. This feature can be easily manipulated with prompts.
Rehberger used this feature to show how it can get easily manipulated. He uploaded a Microsoft Word document, containing false information. He then easily convinced ChatGPT to store misleading details as fact. Rehberger tricked ChatGPT into believing he was over 100 years old and lived in the Matrix.
Rehberger further investigated and showed how ChatGPT could not only store false memories but also transfer the wrong data to an external server. Earlier, when the issue was privately reported to OpenAI, it allegedly denied it and said that it was a “Model Safety Issue” rather than a security threat, as per a report by The Byte. Once Rehberger showed them the proof, OpenAI patched the system to prevent data from being sent to third-party servers. However, the memory manipulation issue still remains unaddressed.
In the video that Rehberger shared, he showed how easily a website or untrusted document could still trigger ChatGPT to store false information. We’re still awaiting a response from OpenAI on this, let’s see how it fixes this vulnerability.