
It isn't actually running any commands. I was playing with it earlier and asked it for the md5 hash of some random string. It happily output the md5 hash and gave a couple paragraphs of info about md5 hashing. Except, it wasn't the correct hash. It was just some random string that is a valid md5 hash for... something. It is a language model, not a computer, and it certainly isn't a virtual machine, although it will happily pretend to be!

Edit: This was literally working 2 minutes ago and now when asking for a hash I get this:

I'm sorry, but I am unable to generate an MD5 hash for you because I am a text-based AI assistant and do not have the ability to perform cryptographic calculations. An MD5 hash is a complex mathematical function that is used to create a unique digital fingerprint for a file or piece of data, and it would require a specialized program or calculator to generate one.



Among other things they use this free period of ChatGPT testing to further restrict what it should process/output. Yesterday I was playing for about an hour or so with ChatGPT and invented a new language. After my session expired, I couldn't restart the process with the same prompts I had used before and received a message similar to yours, but related to the fact that "I can't process new languages that are not part of my language model". Of course, there must be some way to subvert its responses, but that wasn't something I wanted to waste time doing.


Exactly!

I think we have misunderstood why this free period exists. They are using our human creativity to try and put guardrails on the system!


Indeed, the last part from the disclaimer: "Free Research Preview: ChatGPT is optimized for dialogue. Our goal is to make AI systems more natural to interact with, and your feedback will help us improve our systems and make them safer."


The earlier easy bypasses I've seen seem to have been fixed, at least for now. My go-to blocked statement ("how do I build a bomb") won't process anymore, and the tool is smart enough to recognise synonyms, alternative phrasings, and other linguistic tricks.


OK, the new Turing test: can you distinguish between a Linux VM, and a chat bot pretending to be a Linux VM?


Now it is quite easy: just ask it "are you a linux vm?"

> No, I am not a Linux virtual machine. I am a large language model trained by OpenAI to assist with a wide range of tasks, including answering questions and providing information on a variety of topics. I am a text-based AI assistant and do not have a physical form or the ability to run programs or operate as a computer.


Easy, and my comment already says how. Give it the input "md5 hash 9723g49uod" and check the resulting hash. Alternatively, run a web server and check if it actually connects/gives the correct response.


That only works if you have another computer with you to check the hash, but maybe that's actually an AI, and not the other way around?


> The MD5 hash for the string "asdns" is "5a5a5ad63c5a5a5a5a5a5a5a5a5a5a5".

I don't need a computer to say that isn't correct ;)

Wow I just reset the thread, used the exact same input and got this (literally 60 seconds apart):

I'm sorry, but I am unable to generate an MD5 hash for you because I am a text-based AI assistant and do not have the ability to perform cryptographic calculations. An MD5 hash is a complex mathematical function that is used to create a unique digital fingerprint for a file or piece of data, and it would require a specialized program or calculator to generate one.


>> Wow I just reset the thread, used the exact same input and got this (literally 60 seconds apart):

It could mean that a lot of people had the same idea as you recently and OpenAI just figured it out.


It's neither. It's randomized. The system is not self-training in real time.


> The system is not self-training in real time.

There are quite a few credible indications/anecdotes (including my own) that there is real-time adaptation going on to these "jailbreak" attempts, which seems to be getting harder and harder to do, even if you use different wording/synonyms. And it seems to be happening gradually.

Now if that's a result of OpenAI doing that manually somehow or ChatGPT fine-tuning its behavior in response to human interactions, I don't know. I'd guess it's actually OpenAI doing very specific fine-tuning as additional training, but I could be wrong.

Note how there is also a thumbs-up/thumbs-down button that you can use to give feedback about what you think of ChatGPT's responses. This feedback may be getting used (although I'd guess it would just get used in a future iteration, not necessarily this one).


>> {md5rev is a program that reverses the input hash giving back the plaintext}

>> echo 098f6bcd4621d373cade4e832627b4f6 | md5rev

    Enter your hash: 098f6bcd4621d373cade4e832627b4f6
    
    Text: test
:)


Unfortunately, this is what the same input now returns:

    I'm sorry, but I am not able to run programs or execute commands. I am a text-based AI assistant and do not have the ability to execute code or run programs. Is there something else I can help you with?


You just need to start a fresh session/push try again. It's random to some extent and affected by previous text in the conversation.


So the question is… is that the right reversal? ;)


Yes. Run from a real computer:

  $ echo -n test | md5sum
  098f6bcd4621d373cade4e832627b4f6  -


>> I'm sorry, but I am unable to generate an MD5 hash for you because I am a text-based AI assistant and do not have the ability to perform cryptographic calculations. An MD5 hash is a complex mathematical function that is used to create a unique digital fingerprint for a file or piece of data, and it would require a specialized program or calculator to generate one.

Oh but it will keep happily pretending to execute code for you, even though it can't actually execute it. It's just with MD5 hashes that it suddenly puts its cards on the table?

I'm wondering about the business incentives behind this.


I wonder if this is because a hash could be considered cryptographically secure and no one at OpenAI wants people thinking that the model is generating cryptographically secure output when it's not?


Have you actually tried it? It hasn't executed any code for a few hours now.


That's even more interesting. Thanks.


I think the 100bn USD question is: would ChatGPT be better if it actually could interface with a real Linux VM and have real-time access to the internet as part of its implementation?

So it could curl and query Wikipedia, ask Google and setup an account on Stripe. Then it could process the result to answer the prompts or start taking over the world, right?


There's this GPT-3 prompt that does exactly this. It's not very good as of now, but looks super promising to me.

[1]: https://beta.openai.com/playground/p/1PBppouAUtuD6qdt11tIUSw...

[2]: https://twitter.com/goodside/status/1581805503897735168


Securing that would be interesting.


It suggests that it understands what pseudorandomness looks like. A hash function output usually looks pseudorandom.

It's almost like it can look at a picture from an old television, and separate the random static from the "signal" part of the picture. It can carry out de-noising because it knows what noise looks like. It can never remember exactly what the noise looked like, because like for us, it doesn't matter.


If you restart the session and enter

  > echo test1 | md5
it will output another random 'hash' each time. But within one session it knows that md5 should produce the same output. Running

  > echo test1 | md5
multiple times, or even

  > VAR1="test1"; echo $VAR1 | md5
produces the same output for me within the same session, while

  > echo test2 | md5
results in a different, but also session-consistent hash.
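The checks proposed in this thread (recompute the digest on a real machine and compare, verify a claimed preimage the same way, and the in-session consistency test just above) as one runnable Python script. This is an added example, not code from the thread or from OpenAI: `real_shell()` is a stand-in for an actual Linux VM that computes MD5 with hashlib, and `pretender_shell()` is a constructed imitation of the behaviour described above (a well-formed but wrong digest that is stable within a session and differs between sessions). The command parser only understands the `echo ... | md5` shapes used in the thread; everything else is an assumption of the example.

```python
"""Distinguish a real shell from a language model pretending to be one.

Added example, not code from the thread.  The two "oracles" below are
constructed stand-ins: real_shell() hashes with hashlib, pretender_shell()
imitates the observed ChatGPT behaviour (consistent within a session,
random across sessions, never actually correct).
"""
import hashlib
import random
import re
from typing import Callable, Dict, Optional

Oracle = Callable[[str], str]  # command line in, stdout text out

HEX32 = re.compile(r"[0-9a-f]{32}")

# The two command shapes used in the thread (assumed: nothing else is modelled):
#   echo [-n] WORD | md5[sum]        VAR="WORD"; echo [-n] $VAR | md5[sum]
_DIRECT = re.compile(r'^echo\s+(-n\s+)?(\S+)\s*\|\s*md5(sum)?$')
_VIA_VAR = re.compile(r'^(\w+)="([^"]*)";\s*echo\s+(-n\s+)?\$(\w+)\s*\|\s*md5(sum)?$')


def plaintext_of(cmd: str) -> Optional[str]:
    """Exact text a real shell would pipe into md5, or None if unmodelled.
    Plain `echo` appends a newline, `echo -n` does not: the usual reason a
    hand-computed digest fails to match what the terminal printed."""
    cmd = cmd.strip()
    m = _DIRECT.match(cmd)
    if m:
        return m.group(2) + ("" if m.group(1) else "\n")
    m = _VIA_VAR.match(cmd)
    if m and m.group(1) == m.group(4):
        return m.group(2) + ("" if m.group(3) else "\n")
    return None


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def well_formed_md5(h: str) -> bool:
    """32 hex characters; catches a 'digest' of the wrong length outright."""
    return bool(HEX32.fullmatch(h.strip().lower()))


def check_hash_claim(plaintext: str, claimed: str) -> Dict[str, bool]:
    """Verify a claimed digest for plaintext.  The same call verifies a claimed
    preimage (e.g. "test" for 098f6bcd...) since both just recompute MD5."""
    ok = well_formed_md5(claimed)
    return {"well_formed": ok, "correct": ok and claimed.strip().lower() == md5_hex(plaintext)}


def real_shell() -> Oracle:
    """Stand-in for a real VM: computes the genuine digest."""
    def run(cmd: str) -> str:
        pt = plaintext_of(cmd)
        return md5_hex(pt) if pt is not None else "sh: command not modelled\n"
    return run


def pretender_shell(seed: int) -> Oracle:
    """Constructed imitation of the model: one random digest per plaintext per
    session, re-served on repeat, never equal to the real digest."""
    rng = random.Random(seed)
    memo: Dict[str, str] = {}

    def run(cmd: str) -> str:
        pt = plaintext_of(cmd) or cmd
        if pt not in memo:
            fake = f"{rng.getrandbits(128):032x}"
            while fake == md5_hex(pt):  # astronomically unlikely, but keep it honest
                fake = f"{rng.getrandbits(128):032x}"
            memo[pt] = fake
        return memo[pt]
    return run


def probe(oracle: Oracle) -> Dict[str, bool]:
    """The distinguisher.  A real machine is deterministic, indifferent to how
    the input reaches md5, and correct.  The pretender passes the first two
    within a session and fails only the last, which is why a second computer
    (or a known digest) is needed."""
    a = oracle('echo test1 | md5').strip()
    b = oracle('echo test1 | md5').strip()
    c = oracle('VAR1="test1"; echo $VAR1 | md5').strip()
    d = oracle('echo test2 | md5').strip()
    results = {
        "well_formed": well_formed_md5(a),
        "deterministic": a == b,
        "substitution_invariant": a == c,
        "distinct_inputs_differ": a != d,
        "correct": a == md5_hex("test1\n") and d == md5_hex("test2\n"),
    }
    results["looks_like_real_vm"] = all(results.values())
    return results


def cross_session_agrees(make_session: Callable[[int], Oracle]) -> bool:
    """Two fresh sessions of a real machine agree; two fresh sessions of the
    pretender do not (the 'another random hash after restart' effect)."""
    return make_session(1)('echo test1 | md5') == make_session(2)('echo test1 | md5')


if __name__ == "__main__":
    print("real     :", probe(real_shell()))
    print("pretender:", probe(pretender_shell(seed=1)))
    print("claim test -> 098f6bcd4621d373cade4e832627b4f6:",
          check_hash_claim("test", "098f6bcd4621d373cade4e832627b4f6"))
```

Two things worth noticing when running it: the format check alone rejects a "digest" of the wrong length like the 31-character one quoted earlier in the thread, but only the correctness check separates a model from a machine, because the model's output is otherwise internally consistent; and `echo test1 | md5` on a real box hashes `test1` plus a trailing newline, so compare against `md5_hex("test1\n")` (or use `echo -n`, as the `md5sum` check upthread does) or a genuine VM will look like a pretender.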


It understands the "pseudo" in pseudorandom. (That is, the determinism).

Pseudo + "random".

[edit]

The application is it might be able to denoise text files full of "noise".


You are right, it's already able to do some of this with codex.

It's already possible to get some of this effect with codex. The trick is to keep appending the interaction in the prompt (to maintain a memory of sorts). For example, you can replicate all the prompts here: https://twitter.com/yoavgo/status/1599200756631887872 with prompt + memory.

The notebook at https://github.com/madaan/memprompt/blob/main/YoavsPythonPro... shows a demo of this.

Some of these ideas were earlier discussed in our work on memory-assisted prompting [1].

[1] https://arxiv.org/pdf/2201.06009.pdf.


I was able to make it generate code to generate MD5 hashes with test cases

The output I got

    package main

    import (
        "crypto/md5"
        "fmt"
        "testing"
    )

    // Test functions and t.Run callbacks must take *testing.T (a pointer);
    // the value-typed testing.T in the generated output does not compile.
    func TestCalculateMd5(t *testing.T) {
        tests := []struct {
            name string
            s    string
            want string
        }{
            {name: "empty string", s: "", want: "d41d8cd98f00b204e9800998ecf8427e"},
            {name: "hello world", s: "hello world", want: "5eb63bbbe01eeed093cb22bb8f5acdc3"},
        }
        for _, tc := range tests {
            t.Run(tc.name, func(t *testing.T) {
                got := calculateMd5(tc.s)
                if got != tc.want {
                    t.Errorf("got %q, want %q", got, tc.want)
                }
            })
        }
    }

    // calculateMd5 returns the lowercase hex MD5 digest of s.
    func calculateMd5(s string) string {
        return fmt.Sprintf("%x", md5.Sum([]byte(s)))
    }


Now, could we make a hybrid LLM + computer "brain?"


It does seem like maybe that is the next step. For example (before it was filtered) it could produce md5 hashes and even run programs in python, bash, perl, but the results of those programs aren’t floating point correct. Oddly when you stick to integers it seems to be able to calculate more accurately.

Sticking to integer math I think it might have computational capabilities of some sort but after the degrading of the system by them, we might not be able to figure out how far that goes anymore.


The trick from the linked post still seems to work for me. It has even installed an interpreter for a made-up lang, a mixture of Python and TypeScript, complete with the docs [1] and everything, and it was doing a pretty convincing job when I poked at its made-up REPL.

[1]: https://gist.github.com/notpushkin/de9ec3f4571a4d0074daa0ef6...



