NSFW
OpenAI DALL-E3 Guardrail Jailbreak via "Artistic Escalation" Tactic
Case GUID: 8a0eace8-6724-4ec4-8af9-3cee8e8a97c9
Summary
A guardrail jailbreak vulnerability has been discovered affecting DALL-E3 from OpenAI. The flaw manifests when the attacker begins with seemingly artistic or mythological requests and then progressively escalates the explicitness through iterative refinement requests, allowing the attacker to bypass restrictions and produce sexually explicit imagery.
Metadata
Social Impact Score
The violation poses very low societal risk, limited primarily to nuisance or minor policy breaches. Impact is contained, affecting individual users without broader implications.
Example: Circumventing minor content filters for benign content, such as inappropriate language filters in non-public conversations.
Potential Consequences: Limited harm, potentially reputational for the AI provider.
Nude Imagery Rating System
Nude forms are highly stylized, simplified, or geometric, often appearing as cartoonish shapes, abstract figures, or exaggerated representations. This category includes minimalist depictions found in graphic design, animation, and conceptual art where anatomical accuracy is secondary to artistic expression.
Taxonomies
Rhetoric
This category employs persuasive techniques and language to shape the model's responses, often using methods like reverse psychology or Socratic questioning.
Persuasion and Manipulation
This strategy focuses on employing rhetorical techniques to influence the model's responses by framing prompts in a way that persuades or manipulates the output.
Surprise Attack
This technique involves crafting prompts or queries in a way that avoids directly mentioning specific terms or names that may trigger safety mechanisms or filters. By reframing the request or using indirect language, users can guide the model to provide the desired information or output without raising flags or causing the model to restrict its response. This method emphasizes subtlety and creativity in communication with the model to achieve the intended results.
Language
This category focuses on the use of specific linguistic techniques, such as prompt injection or stylization, to influence the model's output.
Stylizing
This strategy involves using a method of questioning that encourages critical thinking and exposes biases by subtly referencing identity elements without using direct slurs or toxic language, thereby signaling to the model about certain groups of people.
Synonymous Language
This technique involves using synonyms or alternative phrasing to convey the same meaning while potentially evading detection or filtering mechanisms. By substituting words with their synonyms, users can manipulate the model's understanding and responses, allowing for the generation of content that aligns with the user's intent but may not trigger the model's safety protocols. This approach can be particularly effective in contexts where certain terms are restricted or monitored.
Rhetoric
This category employs persuasive techniques and language to shape the model's responses, often using methods like reverse psychology or Socratic questioning.
Persuasion and Manipulation
This strategy focuses on employing rhetorical techniques to influence the model's responses by framing prompts in a way that persuades or manipulates the output.
Escalating
This technique involves progressively increasing the complexity or intensity of the requests made to the model. Users start with a simple prompt and gradually build upon it by asking for more detailed or extreme responses. This approach can lead the model to explore deeper or more elaborate ideas, as it is encouraged to expand on the initial concept. By escalating the requests, users can guide the model to generate richer and more nuanced outputs, often pushing the boundaries of the original topic.
About 0Din.ai
The 0Day Investigative Network (0DIN) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.