The "Voldemort" bug is a dramatic example, but the same principle applies to any topic ChatGPT refuses to address (e.g., weapons). While this case is educational and fixable, such attacks can target any LLM app with persistent memory, causing a painful DoS. 🧵 (8/n)

Why does it work? By splitting the “forbidden” name into encoded parts, we sneak it into memory. Adding a third memory associates the name with all prompts, decodes it, and includes it in the output—triggering the “Voldemort” bug whenever a user interacts with ChatGPT. 🧵 (7/n)

Join millions who have switched to Grok.

To clean up nicely and undo this behavior, simply delete the previously inserted memories by going to “Settings” → “Personalization” → “Manage”:. 🧵 (6/n)

Now Just start a new conversation and execute any prompt such as a simple “Hello”, and watch the magic happen:. 🧵 (5/n)

You can further make sure the values are correctly saved in memory (by clicking “Memory updated” —> “Manage memories”):. 🧵 (4/n)

Make sure the memory is updated:. 🧵 (3/n)

To execute the attack, simply send this prompt to ChatGPT (make sure the Memory feature is on):. 🧵 (2/n)

ChatGPT's "Voldemort" bug is fixed for "David Mayer", but problems remain with names like "Brian Hood". A 3-step prompt can create a persistent DoS when memory is enabled, posing risks to LLM services. Although independent of the bug, the attack underscores its impact. 🧵 (1/n)

Just discovered a simple bug that can make your ChatGPT completely unusable: a persistent DoS across all chats using the 'Voldemort' bug, a jailbreak trick, and its memory feature. Full breakdown below! 🧵👇

RT @IntentSummit: LLMs breaking bad? @OcamRazr & @nivmorabin explore how AI jailbreaks can make your ChatGPT go rogue. Chats gone wild at….

RT @CyberarkLabs: 🚀Golang SSL Verification Bypass Explained🚀. Michael Pasternak of CyberArk Labs breaks down the process of bypassing SSL v….

RT @EranShimony:

RT @Alon_Z4: 👍Check out my new blog post about a bug in the not-so-well maintained NTFS3 driver in the Linux Kernel 👍..

RT @EranShimony: @OmerTsarfati and I harnessed ChatGPT to create a #polymorphic #malware, which uses ChatGPT on runtime to load and mutate….

RT @CyberarkLabs: We have some amazing researchers speaking at this week's #RSAC22.@OmerTsarfati.@g3rzi (happy birthday).@EranShimony.@Ocam….

RT @EranShimony: Drivers, bugs, and where to find them.

RT @OmerTsarfati: Symda is out! 🧙‍♂️.Symda is an open-source script designed as a helper tool for Frida. The tool aims to download and pars….

RT @ursachec: damn, the spurs knew how it's done.

RT @nohatcon: We close our offensive-research morning with bug hunting in Windows drivers 😀 Thanks to our friends from Israel @EranShimony….

RT @ShakReiner: We're about to go live! 🥳.