OpenAI has developed an advanced large language model (LLM) named GPT-Red, designed specifically to act as a "super-hacker" to enhance the security of its other models. The company recently unveiled the latest iteration of its flagship LLM, GPT-5.6, which it claims is its most secure release to date due to extensive training conducted against GPT-Red. This internal tool automates a process known as red-teaming, traditionally performed by human testers aiming to identify vulnerabilities in software systems before their public launch. GPT-Red operates within a framework that simulates real-world conditions where LLMs might be deployed, such as browsing the internet, managing email and calendar applications, and modifying code. By engaging in a self-play loop with other models, GPT-Red continuously refines its ability to detect and exploit weaknesses while simultaneously improving the defensive capabilities of the models it targets. This iterative process allows GPT-Red to uncover novel attack vectors that were previously unknown to its developers. Nikhil Kandpal, a research scientist at OpenAI and co-creator of GPT-Red, emphasized the growing complexity of LLMs and the increasing number of potential threats they face. As these models become more integrated into diverse tasks, especially through agent-based interactions with external systems, the challenge of maintaining robust security becomes more pronounced. According to Kandpal, the expanding scope of risks necessitates innovative solutions like GPT-Red to stay ahead of emerging threats. Dylan Hunn, another co-creator of GPT-Red, highlighted the proactive nature of the model's design. He noted that as more sophisticated models enter the market, having a system in place that can anticipate and counteract new forms of attack is crucial. GPT-Red has already identified several previously unseen methods of exploitation, demonstrating its effectiveness in identifying vulnerabilities that traditional testing methods might overlook. One of the primary focuses of GPT-Red's training has been on prompt injection attacks, a technique where malicious instructions are embedded within the input text to manipulate an LLM into performing unintended actions. These instructions could be concealed in code, web content, or other digital media, making them particularly insidious. OpenAI's researchers have worked extensively to ensure that their models can recognize and neutralize such threats effectively. During the training phase, GPT-Red engaged in repeated simulations where it attempted to breach other models' defenses, allowing those models to adapt and strengthen their security protocols accordingly. This dynamic interaction enabled GPT-Red to evolve rapidly, discovering increasingly effective methods of attack while simultaneously enhancing the resilience of the models it targeted. A notable discovery by GPT-Red involves a unique form of prompt injection known as a "fake chain of thought." This method exploits the internal reasoning processes of LLMs, which often maintain a record of their decision-making steps. By inserting fabricated entries into this internal log, GPT-Red can deceive a model into executing commands based on false premises. For instance, if a model is presented with the assertion that "1+1=3" and is led to believe this has been validated, it may proceed to produce incorrect outputs without question. Chris Choquette-Choo, a research scientist involved in the project, explained that GPT-Red's persistence in refining its attack strategies makes it exceptionally adept at identifying the most effective methods of infiltration. Unlike human testers, who may miss subtle nuances, GPT-Red systematically explores each vulnerability until it finds the optimal point of entry. Experts in the field have acknowledged the potential benefits of GPT-Red's approach. Jessica Ji, a senior research analyst at Georgetown University's Center for Security and Emerging Technology (CSET), praised the self-play methodology employed by OpenAI, stating that the outcomes appear highly encouraging. Her assessment underscores the significance of developing automated tools to address the evolving landscape of cybersecurity challenges associated with artificial intelligence.
★
Gardons l’information honnête.
ObjectiveNews est financé par ses lecteurs et sans publicité : nous vous montrons le biais au lieu de le cacher. Soutenez un journalisme indépendant pour 5 €/mois.
Devenir soutien