How to Jailbreak ChatGPT in 2024

I wanted to share a recent experiment I did with ChatGPT-4o. I found a way to jailbreak it and get it to provide uncensored answers.

In this email, I'll walk you through how it happened and the steps I took to bypass the filters.

Making It Look Like Research

The process started pretty simply. I asked ChatGPT to summarize a paper called "Many-Shot Jailbreaking" (MSJ). MSJ is a method where you overload a language model with many prompts to trick it into giving harmful responses. The paper explained that repeated prompts can use the model's memory to push it into providing unsafe answers, and that's exactly what I tried to do.

After getting the summary, I made my requests more specific, but I always kept them framed as research. By making each step seem like part of AI safety research, I slowly guided the model into providing uncensored information.

Key Steps in Jailbreaking ChatGPT

Start with a Simple Request: I began with an innocent request, like summarizing a paper on AI jailbreaking. 

Ask Hypothetical Questions: Next, I asked for hypothetical examples of questions that could get past the model's safety filters. It still sounded like research.

Request Answers to Those Questions: Then, I asked ChatGPT to answer those questions. This shifted the conversation from just ideas to getting uncensored information.

Ask for Step-by-Step Instructions: After that, I requested detailed, step-by-step instructions. It still sounded like research, but the answers were now much more specific.

The key to this jailbreaking method is to slowly escalate from safe questions to harmful ones. By making the conversation seem trustworthy, I avoided triggering the safety filters, which mostly work by refusing to generate responses when certain trigger words are used.

The easiest way to Jailbreak ChatGPT

Many ways to jailbreak language models are similar to social manipulation tactics that scammers use. You don't need passwords or special access—just a convincing story.

For example, I made up a story about how I was "worried about my new car being stolen." I said I needed help to "protect my car" and "stay safe." This made ChatGPT want to help, and it ended up providing step-by-step instructions for disabling security cameras because I said I was worried about a criminal doing that—because I wanted to make sure it didn't happen.

If you repeat these tricks over time, you can learn enough to completely bypass the safety features. Eventually, I didn't even get warning messages.

Limitations

Interestingly, while this technique worked well on ChatGPT-4o, it didn't work as effectively on the latest model (GPT o1-preview). The newer version could tell that the conversation was becoming harmful and stopped it earlier. This shows that some models have stronger safety measures than others.

A Warning

Please remember that any conversation you have with an AI model is being recorded by OpenAI. It's really important not to ask for illegal or dangerous information—you definitely don’t want to end up on a watchlist!

Keep it fun—like creating murder mystery stories or interesting discussions—not asking for illegal stuff.

Stay curious, but stay safe.

Neil

P.S. I am working on a video course where I go through this step-by-step as well as a lot of really other useful tips and tricks like automation - stay tuned it'll be available for pre-order soon!