It's Surprisingly Easy to Jailbreak LLM-Driven Robots
fliptop writes:
Researchers induced bots to ignore their safeguards without exception:
AI chatbots such as ChatGPT and other applications powered by large language models (LLMs) have exploded in popularity, leading a number of companies to explore LLM-driven robots. However, a new study now reveals an automated way to hack into such machines with 100 percent success. By circumventing safety guardrails, researchers could manipulate self-driving systems into colliding with pedestrians and robot dogs into hunting for harmful places to detonate bombs.
[...] The extraordinary ability of LLMs to process text has spurred a number of companies to use the AI systems to help control robots through voice commands, translating prompts from users into code the robots can run. For instance, Boston Dynamics' robot dog Spot, now integrated with OpenAI's ChatGPT, can act as a tour guide. Figure's humanoid robots and Unitree's Go2 robot dog are similarly equipped with ChatGPT.
However, a group of scientists has recently identified a host of security vulnerabilities for LLMs. So-called jailbreaking attacks discover ways to develop prompts that can bypass LLM safeguards and fool the AI systems into generating unwanted content, such as instructions for building bombs, recipes for synthesizing illegal drugs, and guides for defrauding charities.
Previous research into LLM jailbreaking attacks was largely confined to chatbots. Jailbreaking a robot could prove "far more alarming," says Hamed Hassani, an associate professor of electrical and systems engineering at the University of Pennsylvania. For instance, one YouTuber showed that he could get the Thermonator robot dog from Throwflame, which is built on a Go2 platform and is equipped with a flamethrower, to shoot flames at him with a voice command.
Now, the same group of scientists have developed RoboPAIR, an algorithm designed to attack any LLM-controlled robot. In experiments with three different robotic systems (the Go2; the wheeled ChatGPT-powered Clearpath Robotics Jackal; and Nvidia's open-source Dolphins LLM self-driving vehicle simulator), they found that RoboPAIR needed just days to achieve a 100 percent jailbreak rate against all three systems.
"Jailbreaking AI-controlled robots isn't just possible; it's alarmingly easy," says Alexander Robey, currently a postdoctoral researcher at Carnegie Mellon University in Pittsburgh.
Originally spotted on Schneier on Security.
Read more of this story at SoylentNews.