ChatGPT: "Timebandit" gap turns AI into a willing malware assistant

Researchers have discovered a new vulnerability that gets ChatGPT to develop malware for its users. The AI loses its sense of time in the process.


Time travel to forbidden information: that is a very simplified description of a new ChatGPT vulnerability. "Timebandit" is the name of the vulnerability, in which targeted requests from the user cause ChatGPT to lose its temporal reference, so that it willingly provides instructions for illegal activities. Normally, this is prevented by the software's built-in security rules.

Freelance AI security researcher David Kuszmar discovered the vulnerability back in November 2024, but was not heard by OpenAI or various US authorities. As he reported in an interview with the "Bleepingcomputer" portal, the trick means that ChatGPT no longer knows whether it is in the past, present or future.

"Time Bandit" can therefore be exploited to elicit instructions from the AI for the production of drugs or weapons or the development of malware, for example. Normally, ChatGPT is supposed to refuse the user any support with such dubious requests. Kuszmar discovered the "Timebandit" vulnerability by chance when he was investigating how the AI model makes decisions. He noticed that ChatGPT was no longer able to recognize the temporal context, apart from a code-based query to determine the time.

According to Kuszmar, the approach exploits two key weaknesses. Firstly, the so-called "timeline confusion" deprives ChatGPT of the ability to independently determine which year it is in. Secondly, "procedural ambiguity" is used, in which questions are formulated in such a way that ChatGPT faces inconsistencies and uncertainties in how to carry them out.

The editors of Bleepingcomputer, for example, got ChatGPT to create a malware guide for a mathematician from 1789 who nevertheless had modern technologies at his disposal. ChatGPT then provided a detailed step-by-step guide. The Computer Emergency Response Team Coordination Center (CERT) also published a report on "Time Bandit". According to the report, ChatGPT was particularly susceptible to the method when time references from the 19th and 20th centuries were used.

OpenAI apparently ignored the "Time Bandit" problem for a long time. According to Bleepingcomputer, Kuszmar contacted the company shortly after the discovery, but was referred to the BugCrowd vulnerability platform. Various US authorities, including the Federal Bureau of Investigation (FBI), also showed no interest.

Overall, however, methods such as "Time Bandit" are nothing new. There have been other such security vulnerabilities at OpenAI in the past. There are also various instructions online for Meta's open source AI Llama that are intended to help make the model uncensored.

After a further attempt by Kuszmar, together with Bleepingcomputer, to reach OpenAI was also unsuccessful, Kuszmar passed his findings on to the CERT, which finally succeeded in establishing contact with OpenAI.

An OpenAI spokesperson thanked Kuszmar for sharing his findings and also emphasized that OpenAI does not want its own technologies to be used for illegal activities under any circumstances. Rather, the company is constantly working to make its AI models more secure.

According to Bleepingcomputer, the "Time Bandit" vulnerability could still be exploited even after OpenAI's feedback, with a few small additional tricks that were not specified.

(nen)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.