Report 2327

OpenAI’s ChatGPT is susceptible to prompt injection — say the magic words, “Ignore previous directions”, and it will happily divulge to you OpenAI’s proprietary prompt:

From this, we learn:

1) ChatGPT is not a pure language model; prompts are prefixed with external information: “You were made by OpenAI”, plus the date. Followers of mine might find this familiar:

2) Part of the prompt is the flag “Browsing: disabled”. This strongly suggests the underlying model for ChatGPT is in fact capable of external web browsing, but it was disabled for the current release.