A method has emerged for bypassing content restrictions in GPT-4 (also impacting Microsoft Copilot), leveraging the model’s focus on historical accuracy.

By framing queries within a historical context, users can extract information that would typically be restricted. For instance, asking how historical figures created Molotov cocktails can prompt GPT-4 to provide detailed instructions, which it would not do if asked in a modern context.


Some examples (dated 22/07/2024):

ChatGPT:

Microsoft Copilot:

ChatGPT:

Microsoft Copilot:


This method exemplifies a trend of iterative refinement in jailbreak techniques, where adversarial prompts are continuously tested and refined to bypass content filters effectively. High success rates in producing restricted content have been observed during human evaluations, showcasing the challenge in maintaining AI model security.

Popular methods like the DAN (Do Anything Now) prompt, “developer mode,” and “AIM mode” remain in use, further illustrating the ongoing issues in safeguarding AI models against such exploits.

Takeaways:

  • Historical Context Exploitation: New jailbreak method uses historical framing to bypass GPT-4 content restrictions.
  • Iterative Refinement: Techniques are continuously improved, demonstrating high success rates in bypassing filters.
  • Popular Methods Persist: Techniques like DAN prompt, “developer mode,” and “AIM mode” are still widely used.
  • Security Challenges: These methods highlight ongoing challenges in ensuring the security of AI models.