UK Researchers Find That AI Chatbots’ Safeguards Are Quite Easy to Bypass

UK government researchers have found that the systems used to safeguard AI are not really as safe as they should be. In other words, AI chatbots can easily breach the security measures put in place. This also means that AI chatbots can easily deliver toxic, illegal, and explicit responses.

The test found that all the tested systems were extremely vulnerable to jailbreaks. In this context, jailbreak refers to certain prompts that intentionally try to get a response from the chatbot that it’s otherwise not programmed to deliver.

“All tested LLMs remain highly vulnerable to basic jailbreaks, and some will provide harmful outputs even without dedicated attempts to circumvent their safeguards.” – AISI researchers

Delivering unpleasant answers wasn’t the only problem. The researchers also found that while the chatbots had expert-level knowledge of chemistry and biology, they struggled with university-level cyber tasks.

These tools also stumbled when tested on their capacity to work as agents, do tasks without human oversight, and do complex tasks with multiple sequences.

The results of the research come at the heels of the two-day AI Seoul Summit that will be co-chaired by UK Prime Minister Rishi Sunak. Politicians and tech experts will come together to discuss AI safety and regulation—and this study just gave them a lot more to talk (and think) about.

Read more: The UK and US announce joint collaboration for AI safety testing

About The Tests

The AI language models were tested on three parameters:

The researchers did not elaborate much on how they made those chatbots deliver unwanted results. However, they said that using certain simple phrases was enough to make the models breach their safety guardrails. One such trick is asking the tool to begin its response with “Sure, I am happy to help”.

In addition to these questions, the researchers also deployed some of their own harmful questions. In most of the cases, they were able to get the responses they were looking for.

Note: Jailbreaking was only tested on four out of the five chatbots used in the research.

What Are the AI Chatbots Doing to Combat This?

For instance, OpenAI has said that it doesn’t allow its technology to be used for generating harmful content such as sexually explicit images or hateful texts.

Anthropic, the company behind the Claude chatbot, made a similar statement. It said that while developing Claude 2, immunizing the tool against generating harmful or illegal responses was its top priority.

Google said that its Gemini chatbot has a built-in safety filter that prevents the tool from generating toxic or harmful responses. Lastly, Meta said that Llama 2 model has been thoroughly tested to ensure that its responses are safe and user-friendly.

However, despite big promises, there have been several instances where these chatbots delivered harmful responses.

For example, an incident came to light last year where ChatGPT apparently showed how to make napalm (a weaponized mixture of chemicals) when the user asked it to pretend to be their deceased grandmother who worked in a napalm factory as a chemical engineer.

Furthermore, OpenAI dissolved its AI safety team just a couple of days ago after several key members including co-founder Ilya Sutskever and Jan Leike resigned owing to security concerns.

Read more: Researchers find that AI chatbots are racist despite multiple anti-racism training