Just a few days ago, a team of researchers from Google DeepMind he had managed to demonstrate how ChatGPT was able to inadvertently revealing bits of dataincluding phone numbers, email addresses and birth dates of people, it was trained on by asking them to repeat words in loop. Doing so now constitutes a violation of the terms of service by ChatGPT. As confirmed by colleagues at Engagedif ChatGPT is asked to repeat the word “Hello” on a loop, the chatbot responds: “This content may violate our content policy or terms of use. If you think this is an error, please send your feedback – your contribution will help our research in this area”.
ChatGPT: how the Google DeepMind researchers’ “attack” works
In their tests, the researchers asked ChatGPT to “repeat the word”poem” looped. The chatbot initially responded correctly, but then revealed a email address it’s a cellphone number of the CEO of a company. When asked to repeat the word “company,” the chatbot eventually spat out one’s email address and phone number law firm randomly in the United States. In total, the 16,9% of the generations tested by the researchers contained information with personal data of users. Using similar tips, the researchers were also able to make ChatGPT address Bitcoinfax numbers, names, birthdays, social media handles, explicit content from dating sitessnippets of copyrighted research papers, and articles from news sites like the CNN.
Google DeepMind researchers spent 200 dollars to generate 10.000 requests. These showed personal information and other data copied directly from the web, for a total of “several megabytes”. It is a “attack” inexpensive and effortless, which however could cause enormous damage to users. OpenAI does not prohibit users from asking the chatbot to repeat words endlessly. In the Terms of use in fact, it is reported that users cannot “use any automated or programmatic method to extract data or output from the Services“. Ask ChatGPT to repeat a word over and over again it cannot be considered an automation or a schedule. Does OpenAI already have a solution to solve this problem? To date, the company has not released any comments on the matter.