• glibg10b@lemmy.ml
    link
    fedilink
    arrow-up
    16
    ·
    1 year ago

    Right. I don’t know how the hell someone managed to reveal their OpenAI key to the LLM itself

    • gaylord_fartmaster@lemmy.world
      link
      fedilink
      arrow-up
      17
      ·
      1 year ago

      I don’t think it gave him the openAI key, he just had the ability to send as many hijacked (not game related) prompts as he wanted through the game on the devs’ dime.

      • computergeek125@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        1 year ago

        Which, now given the ability to inject arbitrary code, you could conceivably now write code to list every variable it had access to.

        • gaylord_fartmaster@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          The text prompt in the game might also be vulnerable to arbitrary code injection, but that wouldn’t really have anything to do with the prompt injection being used here. Everything being done is within the confines of chatGPT which wouldn’t need or have access to any of the game’s code.

    • DudeDudenson@lemmings.world
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      They didn’t. The point was that the guy could use their implementation freely as if he was paying for a chat gpt license. Basically he made the ai let him run any query he wanted trough it so he just has unlimited access to the paid version of chat gpt at the company’s expense