I’m often asked about potential threats to AI, and prompt injection almost always comes up. A post by Marco Figueroa, found HERE, shows an example of this in OpenAI’s containerized ChatGPT environment. Can you replicate what he did with any model? No, but it is interesting to see his thought process and what he was able to do with ChatGPT.
Here is the introduction from his blog post:
This blog serves as an educational resource aimed at providing valuable insights to the GenAI community. In the high-stakes world of bug bounties and AI exploration, every curious researcher is driven to test just how far they can push the boundaries. Back in May (as shared in my May 29th Twitter post https://x.com/MarcoFigueroa/status/1795758597730685270), I stumbled upon something that sent me down a rabbit hole of discovery. While working on a Python project, I asked ChatGPT to help refactor some code. Unexpectedly, ChatGPT returned an error: *directory not found.* Wait… was this code running locally on OpenAI’s Docker instance? This unexpected response got my gears turning and led me to rethink how I interact with ChatGPT.
That small error turned into a full-blown investigation, leading me down an unexpected path of prompt injection and into the internals of OpenAI’s containerized ChatGPT environment. In this blog, we’ll embark on a journey through OpenAI’s Debian Bookworm setup, uncovering discoveries that are enlightening, far from what I initially anticipated, and reflective of my creative process along the way.
See the full post HERE.
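To make the kind of probing he describes concrete, here is a minimal sketch of an environment-inspection snippet a researcher might ask ChatGPT’s code interpreter to run. This is an illustration only, not code from Figueroa’s post; the specific paths and checks are assumptions.

```python
# Illustrative sketch only: the sort of snippet one might ask a model's
# code-execution sandbox to run to confirm it is a real containerized
# Linux environment. The paths below are assumptions, not taken from
# Figueroa's post.
import os
import platform

# Report the kernel and Python build the code is actually running on.
print(platform.platform())
print(platform.python_version())

# /etc/os-release identifies the distribution; per Figueroa's post,
# OpenAI's sandbox reports Debian 12 ("bookworm").
try:
    with open("/etc/os-release") as f:
        print(f.read())
except FileNotFoundError:
    print("/etc/os-release not found -- likely not a standard Linux container")

# List the working directory and its contents to see what the sandbox exposes.
print("cwd:", os.getcwd())
print(os.listdir("."))
```

If a snippet like this actually executes and reports a Debian Bookworm /etc/os-release, that is consistent with Figueroa’s observation that the code runs inside a real containerized Linux environment rather than being answered purely from the model’s training data.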